
pantag to update dynamic group

benobiwan
New Member

Hi community,

I wish to know the following:

  1. For pantag to update the dynamic group, I am assuming that the data from WildFire is sufficient to accomplish this. The reason is that we have Splunk Cloud and our Panorama is located on-prem. The only way to perform the integration is to deploy an on-prem Splunk Enterprise that will use the data from WildFire, which is collected via API.
  2. If the malware connects to a Microsoft site to download PowerShell, does it get blocked as well after running the script?

Rgrds,
Benson


kchamplin_splun
Splunk Employee

Hello @Benobiwan

Currently pantag takes an IP address as the variable that is sent to the PAN device for adding to a dynamic address group:
http://pansplunk.readthedocs.org/en/latest/commands.html#pantag

The source of the data is generally immaterial as long as it contains an IP address; pantag should be able to accept it and pass it on to the PAN device.

For your second question, it all comes down to the policy associated with the dynamic address group. That's set up on the PAN device; if you reference the previous link, it should show some examples.

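The answer above says pantag only needs an IP field and hands it to the PAN device, and that what happens to the host afterwards is decided by the policy that references the dynamic address group. The script below is an added example (not code from the Palo Alto Networks app for Splunk or from this thread) of what that hand-off looks like on the firewall side: it pulls IPs out of constructed WildFire-style event rows, drops rows with no IP or an unparsable one, and builds the User-ID tag-registration XML that a PAN-OS device accepts on its XML API (`type=user-id`). The message layout (`uid-message` / `payload` / `register` / `entry ip=...` / `tag` / `member`) is my understanding of the PAN-OS User-ID API and should be checked against the docs for your PAN-OS version; the host name, API key and tag name are placeholders, and nothing is sent anywhere.

```python
"""Added example: building the PAN-OS User-ID tag registration that puts
an IP into a tag-based dynamic address group. Nothing here contacts a device."""
import ipaddress
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed sample rows in the shape a WildFire verdict search might return.
SAMPLE_EVENTS = [
    {"src_ip": "10.1.20.15", "verdict": "malicious", "file_name": "invoice.exe"},
    {"src_ip": "10.1.20.15", "verdict": "malicious", "file_name": "stage2.dll"},
    {"src_ip": "10.1.30.7", "verdict": "benign", "file_name": "report.pdf"},
    {"src_ip": "not-an-ip", "verdict": "malicious", "file_name": "x.bin"},
    {"verdict": "malicious", "file_name": "no-ip-field.bin"},
]


def extract_ips(events, field="src_ip", verdict="malicious"):
    """Return unique, syntactically valid IPs from rows carrying the given verdict.

    Rows without the field, or whose value is not an IP address, are skipped
    rather than forwarded, since the firewall would reject them anyway.
    """
    found = []
    for ev in events:
        if ev.get("verdict") != verdict:
            continue
        raw = ev.get(field)
        if raw is None:
            continue
        try:
            ip = str(ipaddress.ip_address(raw))
        except ValueError:
            continue  # not an IP; nothing pantag-like could send
        if ip not in found:
            found.append(ip)
    return found


def build_uid_message(ips, tag, action="register"):
    """Build the User-ID XML that registers (or unregisters) one tag on each IP.

    Layout assumed from the PAN-OS User-ID API; verify against your version.
    """
    if action not in ("register", "unregister"):
        raise ValueError("action must be register or unregister")
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    block = ET.SubElement(payload, action)
    for ip in ips:
        entry = ET.SubElement(block, "entry", ip=ip)
        tags = ET.SubElement(entry, "tag")
        ET.SubElement(tags, "member").text = tag
    return ET.tostring(root, encoding="unicode")


def build_request(host, api_key, xml_cmd):
    """Return (url, form_body) for the XML API call; the caller decides whether to send it."""
    url = f"https://{host}/api/"
    body = urllib.parse.urlencode({"type": "user-id", "key": api_key, "cmd": xml_cmd})
    return url, body


if __name__ == "__main__":
    ips = extract_ips(SAMPLE_EVENTS)
    cmd = build_uid_message(ips, "malware-infected")  # placeholder tag name
    url, body = build_request("firewall.example.invalid", "PLACEHOLDER_API_KEY", cmd)
    print("would POST to", url)
    print(cmd)
```

Registering the tag only changes group membership. Whether the host's later connection to a download site is blocked is decided by the security rule that uses the dynamic address group as its source, which is why the answer points back to the policy on the PAN device; an `unregister` message with the same layout is how you release the host once it is cleaned.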