Closed punisherVX closed 5 years ago
These need to be moved out for future use. The logs are filtered and events are tagged, but until we have a better grasp on where the URL enrichment will come from, we need to push them out.
See #10 as a co-requisite
There is nothing to do here as the current level of info for URL is not usable from external sources.
Using the same processing structure as DNS, we need the same workflow for URL events from the NGFW.
This will require a class structure, searching algorithms and storage code.
Ticket #10: Extend SFN to process URL FW events
Currently SFN processes Threat log events with a focus on DNS log messages. We need to extend out capability to also cover process URL events. Initial thinking in
https://github.com/PaloAltoNetworks/safe-networking-sp/issues/81