Activity Feed
- Posted Palo alto Strata logging service logs on Getting Data In. Thursday
- Posted Pan:hipmatch on Dashboards & Visualizations. 10-20-2024 05:00 PM
- Posted Palo log issue on Splunk Enterprise Security. 09-10-2024 06:51 PM
Topics I've Started
Thursday
Hi, I have onboarded Palo Alto traffic and threat logs via HEC and SLS (Strata Logging Service). These logs are JSON logs and, as per the documentation, they should come under sourcetype=pan:firewall_cloud. All our dashboards are set up expecting traffic logs under pan:traffic and threat logs under pan:threat. Having checked the props.conf and transforms.conf for sourcetype=pan:firewall_cloud, there is no rule to route the logs to pan:threat or pan:traffic. How is everyone dealing with this situation? Appreciate any workarounds or suggestions in general. This seems to be a big issue for anyone using SLS (Strata Logging Service). Thanks.
Labels: props.conf, transforms.conf
10-20-2024 05:00 PM
Hi all, I am trying to understand the data in sourcetype=pan:hipmatch for a VPN posture check use case. Has anyone developed, or does anyone know of, any dashboards developed on pan:hipmatch data, and what fields can be used to correlate it with pan:globalprotect? Appreciate any pointers.
Labels: Classic dashboard
09-10-2024 06:51 PM
Hi all, I'm having issues comparing the user field in Palo Alto traffic logs vs the last user reported by CrowdStrike/Windows events. Palo Alto traffic logs are showing a different user initiating the traffic during the time window compared to the CrowdStrike last user login reported for the same endpoint. Has anyone you know faced a similar issue? Thanks
Labels: investigation