PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://splunk.paloaltonetworks.com
ISC License

App Lookup list missing applications #89

Open bluestarr97 opened 5 years ago

bluestarr97 commented 5 years ago

Running the latest Palo Splunk App v6.1.1. When running a SaaS report keying on the field 'app:is_saas', everything looked good, but digging through I noticed that DropBox wasn't showing up. Upon further investigation, I found it's referencing /opt/splunk/etc/apps/Splunk_TA_paloalto/lookups/app_list.csv for lookups. The problem is that 'app_list.csv' is not complete; there is a ~1k difference I noticed in the number of apps compared to the apps on my latest firewall App List.
What is the procedure for updating that Splunk list? The CSV I export from the firewall has slightly different field names and doesn't include all the ones in the Splunk app at all.

Thanks!

idev commented 5 years ago

Seems to be the same problem as with my issue (retriveNewApp.py broken). It looks like the server that provides the information is no longer working (https://ww2.paloaltonetworks.com/iphone/NewApps.aspx).

crumpetcrusher commented 5 years ago

Please follow the procedure at this location to keep your app/threat lookups up to date: https://splunk.paloaltonetworks.com/lookups.html#contentpack