Merging latest code in for v3.5 release
New Features
1.) Support for non-PANOS IoT known threat events parsed through logstash and tagged in elasticsearch
2.) Support for GTP and SCTP logs with EventCode enrichment
3.) Separate pipelines for Logstash listeners
4.) Further automated installation
5.) BETA - Cloud-DNS logging from NGFW - BETA
6.) BETA - IoT IP syslog from external devices - BETA
Issues resolved
Use pipeline functionality in logstash to separate listeners to individual pipelines
Fix setup to use current UID
Threat doc classified as SFN-DNS has no domain name
TunnelID_IMSI is mapped to a long but should be text
Upgrade to ElasticStack 6.5
Add GTP events to be stored in SFN
Logstash for external IP IoT
setup.sh checks issue
Add relevant tag to domain document
sfn.log written as root when run as a service
Update doc examples to use new indexes
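As an added illustration of the "separate pipelines for Logstash listeners" change (this is not SafeNetworking's shipped configuration), a pipelines.yml that gives each syslog feed its own pipeline, so a malformed batch or a backlog on one listener cannot stall parsing of the others. The pipeline ids, config paths, worker counts and queue settings below are assumptions chosen for the example.

```yaml
# pipelines.yml (added example, not the project's own file).
# One pipeline per listener: PAN-OS traffic/threat syslog, GTP/SCTP,
# and the external IoT IP syslog feed. Ids, paths and worker counts
# are assumptions; adjust to the host.
- pipeline.id: panos-syslog
  path.config: "/etc/logstash/conf.d/panos/*.conf"   # assumed path: NGFW listener + filters
  pipeline.workers: 4
  queue.type: persisted        # buffered events survive a Logstash restart
- pipeline.id: gtp-sctp
  path.config: "/etc/logstash/conf.d/gtp/*.conf"     # assumed path: GTP/SCTP EventCode enrichment
  pipeline.workers: 2
  queue.type: persisted
- pipeline.id: iot-external
  path.config: "/etc/logstash/conf.d/iot/*.conf"     # assumed path: external IoT IP syslog (BETA)
  pipeline.workers: 2
  queue.type: persisted
```

Each referenced config file declares only its own input (its listener port), the filters for that feed, and its Elasticsearch output, so there is no shared conditional chain to get wrong. Logstash honours pipelines.yml only when started without `-f`/`-e`; passing either flag on the command line silently falls back to a single pipeline, which is worth checking in the service unit after the setup change.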
Owner/Subscriber information
@PaloAltoNetworks/sp-solutions