Splunk Add on for PA - incorrect tagging of Network sessions

SplunkTrust

** This is not a question, but adding this info for awareness for people using PA and CIM **

The default/tags.conf for start and end eventtypes is incorrect. It should be as follows:
[eventtype=pan_traffic_start]
network = enabled
communicate = enabled
start = enabled
session = disabled

[eventtype=pan_traffic_end]
network = enabled
communicate = enabled
end = enabled
session = disabled

0 Karma

Re: Splunk Add on for PA - incorrect tagging of Network sessions

SplunkTrust
0 Karma