More than Splunk, this question is related to firewall logs - any help is very much appreciated.
Desc: Mapping Key-value of pan_logs to OPSEC logs
Fields: category vs. app_category & signature vs. rule_name?
sourcetype: Palo Alto logs
Field name: category (small-letter)
sourcetype: opsec (Check Point logs)
Field name: I see fields app_category, matched_category, but all the field values are extracted as "***** Confidential ******"
How do I map similar category fields in OPSEC to similar fields from Palo Alto? Are there any other fields that map these values?
Fieldname: signature (palo_alto logs)
Fieldname: rule_name (opsec)
Can both fields be mapped?
To show the actual data instead of Confidential, you need to set the LEA Permissions to show all log fields. See here: