Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
This TA has the saves search "AutoFocus - Retrieve Tag Metadata" enabled by default. This is not permisable since this TA is installed on indexers, and HWF systems.
Saved searches may be defined, but they must be disabled.
Saves Searches are being run on each member of the indexing tier as well as HFW.
Set AutoFocus - Retrieve Tag Metadata to disabled = 1.
Install the App. Break the standard.
1.
2.
3.
4.
Screenshots
Context
Your Environment
Version used:
Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3):
This TA has the saves search "AutoFocus - Retrieve Tag Metadata" enabled by default. This is not permisable since this TA is installed on indexers, and HWF systems.
Saved searches may be defined, but they must be disabled.
Saves Searches are being run on each member of the indexing tier as well as HFW.
Set AutoFocus - Retrieve Tag Metadata to disabled = 1.
Install the App. Break the standard.
1. 2. 3. 4.
Screenshots
Context
Your Environment