
pantag to update dynamic group

benobiwan
New Member

Hi community,

I wish to know the following:

  1. For pantag to update the dynamic group, I am assuming that the data from WildFire is sufficient to accomplish this. The reason is that we have Splunk Cloud and our Panorama is located on-prem. The only way to perform the integration is to deploy an on-prem Splunk Enterprise that will use the data from WildFire, which is collected via API.
  2. If the malware connects to a Microsoft site to download PowerShell, does it get blocked as well after running the script?

Regards,
Benson


kchamplin_splun
Splunk Employee

Hello @Benobiwan

Currently, pantag takes an IP address as the variable that is sent to the PAN device for adding to a dynamic address group:
http://pansplunk.readthedocs.org/en/latest/commands.html#pantag

The source of the data is generally immaterial as long as it contains an IP address; pantag should be able to accept it and pass it on to the PAN device.

For your second question, it all comes down to the policy associated with the dynamic address group. That's set up on the PAN device; if you reference the previous link, it should show some examples.

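As an added illustration, not part of the original thread and not taken from the Palo Alto Networks app's own documentation, this is what the flow described above looks like in SPL on the on-prem Splunk Enterprise instance: a scheduled search over WildFire verdicts that hands each malicious source IP to pantag, which tags it on the firewall so the dynamic address group picks it up. The `pan:wildfire` sourcetype, the `verdict` and `src_ip` field names, the device address `192.0.2.10` and the tag name `wildfire-malicious` are assumptions for this example; the `device`, `action`, `tag` and `ip_field` arguments are those of the pantag command as described at the commands link above, so confirm them against the version of the app you have installed.

```spl
sourcetype="pan:wildfire" verdict="malicious" earliest=-15m
| stats latest(_time) AS last_seen, count AS hits BY src_ip
| pantag device="192.0.2.10" action="add" tag="wildfire-malicious" ip_field="src_ip"
```

Run it as a saved search on a short interval (the `earliest=-15m` window matches a 15-minute schedule) so a host is tagged shortly after its verdict arrives; the `stats ... BY src_ip` step collapses repeated hits so each IP is sent once per run. A matching search with `action="remove"`, scoped to hosts whose `last_seen` is older than your remediation window, keeps the group from growing indefinitely. Note that the tag by itself changes nothing on the firewall: the PowerShell download in the second question is only blocked if a security policy rule on the PAN device references the dynamic address group and denies that traffic.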