Comments (3)
Hi,
Thanks for reaching out to us. I understand you are trying to show notable events in ES Threat Dashboard. Could you clarify to what it is you are trying to enable to show notable events?
Regards,
Paul Nguyen
from splunk-apps.
Is there anything further we can help you with on this issue? Note that you can also get help at Splunk Answers. Whenever you open a question there a team of Splunk and Palo Alto Networks engineers get notified and will respond.
from splunk-apps.
To the original question, the user should create an alert on eventtype=pan_threat and set an alert action of "create notable event".
However I would not do this unless you are ready to evaluate every pan_threat and accept that the number could be very large.
from splunk-apps.
Related Issues (20)
- get_incident_extra_data HOT 5
- Issues getting sourcetype=pan:* to produce data in query. HOT 7
- Incorrect Field Mapping - PAN Threat - User Field (mapped with http category - Sender) HOT 3
- App is not parsing the URI to create interesting fields HOT 1
- Where are the release notes for 8.1.0? HOT 5
- field offset wrong at src_user and source_name in transforms.conf HOT 2
- pan:config in default is broken
- Logs not being properly parsed when shipped from Panorama to Splunk HOT 8
- Splunk HEC PAN firewall events "_time" not matching configured "TimeGenerated" field HOT 2
- Minemeld feeds URL inputs not accepted HOT 3
- Version 8.1.0 not listed as Splunk Cloud compatible on Splunkbase HOT 5
- Splunk Cloud App Vetting Failing Due to File in "PaxHeader" Directories HOT 1
- The splunk_ta_paloalto requests package is claiming a dependency on Older chardet and urllib3 versions, please update to new versions. HOT 1
- Not getting data from Cortex
- IoT Security Input 'Interval' Not Used To Influence 'stime' All Data All The Time HOT 1
- PAN-OS Authentication Log Field Extractions
- SourceType Confusion
- Base Search in network_security.xml does not contain vendor_action so sink holing subsearch fails
- Logs have only sourcetype of pan:log HOT 1
- [Bug] Cortex Data > Splunk HEC event line breaks missing HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from splunk-apps.