PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk combines the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://pan.dev/splunk/docs/
ISC License

Improve CIM-COMPLIANCE for PAN:CONFIG and datamodel change #224

Open CERT-ENEDIS opened 3 years ago

CERT-ENEDIS commented 3 years ago

Improve CIM-COMPLIANCE for PAN:CONFIG LOG in order to map and alias more fields from the source log sent by PA devices.

See the image below, where all fields are set to the "unknown" value, whereas some of the information could be filled in: action: created (associated with set, I guess); object: config mgt-config users.

[image]
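Added illustration, not the issue author's or the app's code: a small Python prototype of the mapping the issue asks for, from PAN-OS config log columns (command, admin, result, configuration path) onto CIM Change fields (action, status, user, object). The column layout assumed here is the PAN-OS 9/10 config log CSV format; the set -> created pairing is the one suggested above, while the other command and result mappings and the sample log lines are constructed for the example. Anything the table cannot classify is left as "unknown", the value the screenshot shows for every field today.

```python
import csv
from io import StringIO

# Column order of a PAN-OS config log (CSV), first 16 columns only.
# Assumption for this illustration: the PAN-OS 9.x/10.x config log layout.
FIELD_ORDER = [
    "future_use", "receive_time", "serial", "type", "subtype", "future_use2",
    "generated_time", "host", "vsys", "command", "admin", "client", "result",
    "configuration_path", "before_change_detail", "after_change_detail",
]

# PAN-OS config "command" -> CIM Change "action". The set -> created pairing is
# the one proposed in the issue; the rest are this example's choices.
COMMAND_TO_ACTION = {
    "set": "created",
    "clone": "created",
    "edit": "modified",
    "rename": "modified",
    "move": "modified",
    "delete": "deleted",
    "commit": "updated",
}

# PAN-OS config "result" -> CIM Change "status" (example mapping).
RESULT_TO_STATUS = {
    "succeeded": "success",
    "submitted": "success",
    "failed": "failure",
    "unauthorized": "failure",
}

UNKNOWN = "unknown"


def parse_config_log(line):
    """Split one raw config log line into a dict keyed by FIELD_ORDER."""
    columns = next(csv.reader(StringIO(line)))
    return dict(zip(FIELD_ORDER, columns))


def to_cim_change(rec):
    """Map a parsed config record onto CIM Change fields.

    Whatever the tables cannot classify stays "unknown", so an unmapped
    command or result degrades to the behaviour the issue describes instead
    of producing a wrong value.
    """
    command = rec.get("command", "").strip().lower()
    result = rec.get("result", "").strip().lower()
    # PAN-OS writes the path with a leading space, e.g. " config mgt-config users".
    path = rec.get("configuration_path", "").strip()
    return {
        "action": COMMAND_TO_ACTION.get(command, UNKNOWN),
        "status": RESULT_TO_STATUS.get(result, UNKNOWN),
        "command": command or UNKNOWN,
        "user": rec.get("admin", "").strip() or UNKNOWN,
        "object": path or UNKNOWN,
        "object_path": path or UNKNOWN,
        "dvc": rec.get("host", "").strip() or UNKNOWN,
        "change_type": "configuration",
    }


def map_line(line):
    """Raw config log line -> CIM Change field dict."""
    return to_cim_change(parse_config_log(line))


# Constructed sample events (not real logs; serial and timestamps are made up).
SAMPLE_LOGS = [
    "1,2023/01/10 10:15:02,001234567890,CONFIG,0,0,2023/01/10 10:15:02,pan-fw01,,set,admin,Web,Succeeded, config mgt-config users jdoe,,",
    "1,2023/01/10 10:16:30,001234567890,CONFIG,0,0,2023/01/10 10:16:30,pan-fw01,,delete,admin,CLI,Failed, config mgt-config users jdoe,,",
    "1,2023/01/10 10:17:00,001234567890,CONFIG,0,0,2023/01/10 10:17:00,pan-fw01,,commit,admin,Web,Submitted,,,",
    "1,2023/01/10 10:18:00,001234567890,CONFIG,0,0,2023/01/10 10:18:00,pan-fw01,,rollback,admin,Web,Weird,,,",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        print(map_line(raw))
```

In the add-on itself the same logic would live in props.conf as EVAL- and FIELDALIAS- statements on the pan:config sourcetype rather than in Python; the prototype only makes the mapping tables explicit so they can be reviewed and extended.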

welcome-to-palo-alto-networks[bot] commented 3 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!

EUmbach commented 2 years ago

Didn't you know? Palo Alto Networks Add-on

> Fully Common Information Model (CIM) compliant and designed for use with [Splunk Enterprise Security]

I wish this was funnier than it really is.