Splunk Enterprise Security

Splunk Add on for PA - incorrect tagging of Network sessions

lakshman239
SplunkTrust
SplunkTrust

** This is not a question, but adding this info for awareness for people using PA and CIM **

The default/tags.conf for start and end eventtypes is incorrect. It should be as follows:
[eventtype=pan_traffic_start]
network = enabled
communicate=enabled
start = enabled
session = disabled

[eventtype=pan_traffic_end]
network = enabled
communicate=enabled
end = enabled
session = disabled

0 Karma

lakshman239
SplunkTrust
SplunkTrust
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...