PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Traps data in SFN #62

Open punisherVX opened 5 years ago

punisherVX commented 5 years ago

When using Traps, TMS will classify a hit as malware, but it does not tell you what malware tag, only giving you a hash.
Want to add a feature to SFN that accepts logs from TMS, then use SFN to look up the hash via AF and store it in Elasticsearch along with the event. Need to discuss and find out when/if the feature can be done.
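The enrichment step proposed in this issue, as an added example that is not SafeNetworking code: a TMS malware event carrying only a hash is validated, the hash is resolved to AF tags through an assumed lookup callable (the real AF client is not shown), the result is cached per hash, and the enriched document is turned into an Elasticsearch bulk action with a stable `_id` so re-ingesting the same event does not create duplicates. The sample event, tag name and hash are constructed.

```python
import json
import re
from typing import Callable, Dict, List, Optional

# Constructed sample of a TMS malware event as SFN might receive it (not a real TMS record).
SAMPLE_EVENT = {
    "eventType": "malware",
    "host": "WS-0042",
    "timestamp": "2019-05-01T12:00:00Z",
    "fileHash": "0123456789ABCDEF" * 4,
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Assumed (hypothetical) lookup interface: takes a SHA-256, returns AF tag names or None.
HashLookup = Callable[[str], Optional[List[str]]]


def normalize_hash(value: str) -> Optional[str]:
    """Lower-case and validate a SHA-256 before it is sent to any lookup service."""
    h = value.strip().lower()
    return h if SHA256_RE.match(h) else None


def enrich_event(event: Dict, lookup: HashLookup, cache: Dict[str, Optional[List[str]]]) -> Dict:
    """Copy the event and attach AF tags; the cache keeps it to one lookup per distinct hash."""
    doc = dict(event)
    h = normalize_hash(str(event.get("fileHash", "")))
    if h is None:
        doc["af_lookup"] = "skipped_invalid_hash"
        return doc
    if h not in cache:
        cache[h] = lookup(h)
    tags = cache[h]
    doc["fileHash"] = h
    doc["af_tags"] = tags or []
    doc["af_lookup"] = "hit" if tags else "no_match"
    return doc


def bulk_lines(doc: Dict, index: str) -> List[str]:
    """Build the two NDJSON lines of an Elasticsearch bulk index action with a stable _id."""
    doc_id = f"{doc.get('host')}:{doc.get('timestamp')}:{doc.get('fileHash')}"
    return [json.dumps({"index": {"_index": index, "_id": doc_id}}), json.dumps(doc)]


def demo_lookup(sha256: str) -> Optional[List[str]]:
    """Constructed stand-in for the AF query; a real one calls the service over the network."""
    known = {"0123456789abcdef" * 4: ["Constructed.Tag"]}
    return known.get(sha256)
```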

zube[bot] commented 5 years ago

sdndude said: This could be an AppFramework application for Traps only.

punisherVX commented 4 years ago

@kevwal1 - I will set up a call for us to discuss. With us moving to ECS and the work that has already been done, this may not wind up in SFN but should be part of the standard ELK for PANW that we build.

punisherVX commented 4 years ago

This may be somewhat solved with PANW-ELK but needs to be seen once the ECS version is out.