pantag to update dynamic group

New Member

Hi community,

I wish to know the following:

  1. For pantag to update the dynamic group, I am assuming that the data from WildFire is sufficient to accomplish this. The reason is that we have Splunk Cloud and our Panorama is located on-prem. The only way to perform the integration is to deploy an on-prem Splunk Enterprise that will use the data from WildFire, which is collected via API.
  2. If the malware connects to a Microsoft site to download PowerShell, does it get blocked as well after running the script?


0 Karma

Splunk Employee

Hello @Benobiwan

Currently pantag takes an IP address as the variable that is sent to the PAN device for adding to a dynamic address group:

The source of the data is generally immaterial as long as it contains an IP address, pantag should be able to accept it and pass it on to the PAN Device.

For your second question, it all comes down to the policy associated with the dynamic address group. That's set up on the PAN device; if you reference the previous link, it should show some examples.

0 Karma