Open punisherVX opened 5 years ago
sdndude said: This could be an AppFramework application for Traps only.
@kevwal1 - I will set up a call for us to discuss. With us moving to ECS and the work that has already been done, this may not wind up in SFN but should be part of the standard ELK for PANW that we build.
This may be somewhat solved with PANW-ELK but needs to be seen once the ECS version is out.
When using Traps, TMS will classify a hit as malware, but it does not tell you what malware tag, only giving you a hash.
Want to add a feature to SFN that accepts logs from TMS, then use SFN to look up the hash via AF and store it in Elasticsearch along with the event. Need to discuss and find out when/if the feature can be done.