PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://splunk.paloaltonetworks.com
ISC License

TA violates Splunk standards by including an activated savedsearch in the TA. #104

Open DavidCST opened 4 years ago

DavidCST commented 4 years ago

This TA has the saved search "AutoFocus - Retrieve Tag Metadata" enabled by default. This is not permissible since this TA is installed on indexers and HWF systems.

Saved searches may be defined, but they must be disabled.

Saved searches are being run on each member of the indexing tier as well as HWF.

Set AutoFocus - Retrieve Tag Metadata to disabled = 1.

Install the App. Break the standard.

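A check for the condition this issue reports, as an added example that is not part of the issue or the project's code: it parses the text of a `savedsearches.conf` and lists the saved searches that are not shipped with `disabled = 1`, honouring a `[default]` stanza. The sample file content, the second stanza name and the set of spellings treated as true are assumptions of this example.

```python
# Added example: flag saved searches that a TA would ship enabled.
TRUE_VALUES = {"1", "true", "t", "yes", "y"}  # assumption: spellings treated as true

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # a trailing backslash continues the value
            pending = line[:-1] + " "
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def enabled_searches(text):
    """Return names of saved searches whose effective 'disabled' is not true."""
    stanzas = parse_conf(text)
    # 'disabled' is 0 unless the stanza or [default] says otherwise
    inherited = stanzas.get("default", {}).get("disabled", "0")
    return [name for name, keys in stanzas.items()
            if name != "default"
            and keys.get("disabled", inherited).lower() not in TRUE_VALUES]

# Constructed sample, not the TA's real file; search strings are placeholders.
SAMPLE = """\
# default/savedsearches.conf (constructed)
[AutoFocus - Retrieve Tag Metadata]
enableSched = 1
cron_schedule = */5 * * * *
search = | placeholder_search \\
    | placeholder_step

[Hypothetical Disabled Search]
disabled = 1
search = | placeholder_search
"""

if __name__ == "__main__":
    for name in enabled_searches(SAMPLE):
        print(f"enabled by default: {name}")
```

Run against the text of an add-on's `default/savedsearches.conf` before deploying it to indexers or heavy forwarders; an empty result means every saved search is shipped disabled.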

welcome[bot] commented 4 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!
