PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://splunk.paloaltonetworks.com
ISC License

Sourcetype pan:threat_traps FIELDALIAS-date( CIM ) #82

Open apezuela opened 5 years ago

apezuela commented 5 years ago

Hi,

The CIM malware model has a date field:

| Dataset name | Field name | Data type | Description |
|---|---|---|---|
| Malware_Attacks | date | string | The date of the malware event. |

There is a field named "generated_time" in events with source type pan:threat_traps; it would be great if you created a date field from the generated_time field information.

Best regards,

apezuela commented 5 years ago

At this moment, we are generating the "date" field using a calculated field from the "generated_time" field in this way:

eval date = strftime(strptime(generated_time,"%Y-%m-%dT%H:%M:%S"),"%m-%d-%Y %H:%M:%S")
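As an added example (not part of the original issue and not the app's own configuration), the same calculated field expressed as a search-time `props.conf` stanza scoped to the `pan:threat_traps` sourcetype, so every search over that sourcetype gets a CIM `date` field without repeating the eval. It assumes `generated_time` is stored as the string shown in the eval above:

```ini
# Added example: search-time calculated field for the CIM Malware_Attacks "date" field.
# Place in local/props.conf of the app (or a separate CIM-mapping add-on).
[pan:threat_traps]
# strptime() parses the ISO-like timestamp into epoch seconds; strftime() renders it
# in the form used by the original eval. Both use the searching user's timezone when
# no %z is in the format, so the round trip is consistent.
EVAL-date = strftime(strptime(generated_time, "%Y-%m-%dT%H:%M:%S"), "%m-%d-%Y %H:%M:%S")
```

One caveat worth checking before relying on this in a data model: `strptime()` returns null when the value does not match the format exactly (for example if some events carry fractional seconds or a timezone suffix), and `strftime()` of a null is null, so those events would silently have no `date` field. A quick `| stats count(date) count` over the sourcetype shows whether every event is being converted.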