Alternative update for app_list.csv #118

Open
simonsigre opened this issue Nov 18, 2018 · 1 comment
Labels
add-on Related to the Splunk Add-On

Comments

@simonsigre
Contributor

For customers that do not have access to pull this data from their FW, a proposed alternative method could be to look to pull from a project/repo Splunk_TA_paloalto_lookups with a daily push from a volunteer customer (happy to do this) and then could perhaps use either a saved search / ES intel download to pull the raw from the project.
This method would allow Splunk Cloud customers to keep regular updates coming in also.

@simonsigre
Contributor Author

There is a possibility that the Applipedia site may be tricked into handing it all over ;)
Maybe PAN could offer an API into Applipedia so customers can stay up-to-date.

Example:

```
curl 'https://applipedia.paloaltonetworks.com/Home/GetApplicationListView' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' --data 'category=&subcategory=&technology=&risk=&characteristic=&searchstring='
```

btorresgil transferred this issue from PaloAltoNetworks/Splunk_TA_paloalto Aug 7, 2020
btorresgil added the add-on Related to the Splunk Add-On label Aug 7, 2020
btorresgil added a commit to btorresgil/SplunkforPaloAltoNetworks that referenced this issue Mar 7, 2022
beddc80 Fixes PaloAltoNetworks#118 - add `TemplateStack.devices` param
dc73c20 adding objects.SecurityProfileGroup
2bba42f Correcting docstring
0df4a2a Fixes unittest and fixes PaloAltoNetworks#115 - adding .move()
db54830 Fixes PaloAltoNetworks#116 - Updating ha.HighAvailability for 8.1
62d659e removing default value (causes dynamic section to always be present)
877f933 adding 8.1 dynamic destination NAT stuff
35e195f Merge branch 'release/0.6.3' into develop
bcbabfe Bump version to 0.6.3
47557c5 Add tests for recent bug fixes and add pytest cache to gitignore
e3eea07 Change test ENV vars to have PD_ prefix
a9eeac1 Fix issue with printing objects that have no name
467e7f7 Merge branch 'release/0.6.2' into develop
2632d07 Bump to 0.6.2 and add release note
68ee366 Fix issue in error message check
b2da6f4 Add condition on travis deployment to pypi so only one deployment is attempted
1026702 Merge branch 'release/0.6.1' into develop
dc302c5 Bump version to 0.6.1
01d803f For objects with id, uid is id
913b1e7 Add graphviz and Jupiter Notebooks support for visualization of pandevice configuration tree
f981701 Update travis to deploy to PyPI
dd15f5b fixing `firewall.Firewall.create_vsys()`
e740429 Merge branch 'release/0.6.0' into develop
30457f8 bumping version to 0.6.0
6be504e Adding unittest for pano > ao; should be shared object
3a95ff3 Fixes PaloAltoNetworks/pan-os-python#96 - Fixes PaloAltoNetworks/pan-os-python#84 - Fixes PaloAltoNetworks/ansible-pan#44 (PaloAltoNetworks#109)
90c1b10 Support timeouts for logins in user-id module
976029d Removing HA device switch on _gather_bulk_info()
facc5a3 Merge branch 'release/0.5.3' into develop
3098ca0 bumping version to 0.5.3
26bada2 Adding support for ike and ipsec crypto profiles, ipsec tunnels, and ike gateways; fixing ipv6 enabled xpath for various network objects
2481cf1 Fixing live test - use a netmask for the OspfExportRule
ed7329f Merge branch 'release/0.5.2' into develop
2c1acdb Bumping version to 0.5.2
b0f7238 Fixes PaloAltoNetworks/pan-os-python#106 - adds support for DHCP on the mngt interface
779040d Fixes PaloAltoNetworks/pan-os-python#105 - explicitly set _ha_active in refresh_ha_active()
4af2434 Fixes PaloAltoNetworks/pan-os-python#104 - don't invoke active in show_highavailability_state()
308c523 Fixes PaloAltoNetworks/pan-os-python#102 - check for None before trying to iterate
ff73f00 Fixes PaloAltoNetworks/pan-os-python#101 - check for None vsys before doing imports
90079a7 Fixes PaloAltoNetworks/pan-os-python#100 - consider subinterface type when generating xpath
e17fecf Fixes PaloAltoNetworks/pan-os-python#99 - don't try to import ha or aggregate-group interfaces
e3174ae Merge branch 'release/0.5.1' into develop
f1f9314 Bumping version to 0.5.1
1bdaf9d Merge branch 'release/0.5.1' into develop
6e70bc2 Bumping version to 0.5.1
5203ea1 Updating the description
2960738 Fixes PaloAltoNetworks/pan-os-python#97 - expand check for panorama in create_from_device
b74c7c6 Fixes PaloAltoNetworks/pan-os-python#92 - fixes device.Vsys and reclassify network.VirtualWire as VsysOperations (PaloAltoNetworks#94)
2574c48 Fixes PaloAltoNetworks/pan-os-python#89 - if an importable has no vsys, make the parent the firewall if necessary (PaloAltoNetworks#90)
d6b9772 Fixes PaloAltoNetworks/pan-os-python#88 - bulk create/apply should check ALWAYS_IMPORT when considering vsys (PaloAltoNetworks#91)
df9997c Fixes PaloAltoNetworks/pan-os-python#93 - root is vsys for security and nat policies (PaloAltoNetworks#95)
33b39ef Merge branch 'release/0.5.0' into develop
f331841 tweaking language
7191a24 Version 0.5.0
471082e Fixes PaloAltoNetworks/pan-os-python#72 - rearchitect of bulk operations to be called on object, not parent of object (PaloAltoNetworks#81)
abf1511 Fixes PaloAltoNetworks/pan-os-python#71 - add reorganizer and allow subinterfaces to have vsys/fw objects as parents (PaloAltoNetworks#79)
c3b6ee6 Fixes PaloAltoNetworks/pan-os-python#69 - fully implements Zone (PaloAltoNetworks#80)
a204dfc Fixes PaloAltoNetworks/pan-os-python#68 - fixes equal() to ignore order of members/entries when order is not functionally relevant to comparison (PaloAltoNetworks#78)
e90db2e Fixes PaloAltoNetworks/pan-os-python#70 - support limited vsys refresh (PaloAltoNetworks#76)
d7d49ea Fix issue where `refreshall()` uses wrong xpath for vsys importable objects
3b9cf0a Change behavior of vsys delete so it is only automatic for interfaces or when vsys is set
a650a22 DRY vsys xpath generation and fix issue where wrong vsys is used when calling `create_vsys()` with an override vsys
21c0252 Fixes PaloAltoNetworks/pan-os-python#56 - add live network tests (PaloAltoNetworks#75)
eada48b Small correction to vsys import logic. All vsys importable object should get imported, but only interfaces should force an import to vsys1 if no vsys is specified.
94a7585 Simpler xpath algorithm.  Default vsys is now None instead of 'vsys1'.  Migrated DeviceGroup object to 'VersionedPanObject'. (PaloAltoNetworks#74)
26d941e Add color_code method to translate real colors to color codes
ee8e084 Predefined tag object support in the predefined module (PaloAltoNetworks#33)
4b5dc46 Remove obsolete VsysImportMixin class
232addf Merge commit 'd4ede7b2cc6ad75c2ec1c2e13af8e2b4e94fd626' into develop
26b7c7c Merge commit '8cecb84e0bb864ec713527556ca603c40d552e6a' into develop
b71b49d Merge commit '41a82877978c8beaac44f0b80e04f1e09626018f' into develop
ba1c1b8 Merge commit '4234882ace8bb5d9b5ba8e5b01a29dff6318d6d4' as 'bin/lib/pandevice'

git-subtree-dir: bin/lib/pandevice
git-subtree-split: beddc80f8b3cc7db03dd375bd9ec8433b9299070
github-actions bot pushed a commit to btorresgil/SplunkforPaloAltoNetworks that referenced this issue Mar 7, 2022
## [5.0.0-beta.1](v4.2.2...v5.0.0-beta.1) (2022-03-07)

### Features

* **addon:** Add Decryption Log Support for PANOS 10  - PaloAltoNetworks#126
* **addon:** Cortex Data Lake HEC log support - PaloAltoNetworks#162 PaloAltoNetworks#176
* **addon:** PAN Quality Validation and Improvement
* **addon:** Significantly improve and modernize CIM compliance
* **app/addon:** Add Cortex XDR incident support to App and Add-on including new XDR Incidents dashboard - PaloAltoNetworks#166
* **app/addon:** Add IoT Security - PaloAltoNetworks#158
* **app/addon:** Feature/dynamic user groups - PaloAltoNetworks#150
* **app/addon:** Python 3 Support - PaloAltoNetworks#124
* **app/addon:** Support GlobalProtect log type in PANOS 9.1 - PaloAltoNetworks#118
* **app/addon:** Update pandevice to 0.14.0 - PaloAltoNetworks#145

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Add fields for GlobalProtect logs
* **addon:** Add GlobalProtect SourceUserName - PaloAltoNetworks#209 PaloAltoNetworks#202
* **addon:** Add modinputs as tasks in app.manifest - PaloAltoNetworks#153
* **addon:** Add virus eventtype to malware CIM - PaloAltoNetworks#114 PaloAltoNetworks#138
* **addon:** Fix appserver/static files
* **addon:** Fix CDL logs contained string 'null' in 'user' field - PaloAltoNetworks#187
* **addon:** Fix error from Minemeld automatic lookup
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix nav bar background color
* **addon:** Fix src_user field contained destination user - PaloAltoNetworks#186
* **addon:** Fix typo in transform.conf ([PaloAltoNetworks#227](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/227))
* **addon:** Fix user showing as unknown from GlobalProtect logs.  - PaloAltoNetworks#217
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Remove endpoint tags and eventtypes - PaloAltoNetworks#196
* **addon:** Remove port from `dest_name` field - PaloAltoNetworks#129 PaloAltoNetworks#128
* **addon:** Remove white space from GlobalProtect sourcetype - PaloAltoNetworks#131
* **addon:** Restore "unknown" string for empty 'user' field
* **app:** Fix error after upgrade to 7.0.0: "Unknown search command 'panwildfirereport'" - PaloAltoNetworks#189
* **app:** Fix IoT Security dashboard filter - PaloAltoNetworks#181
* **app:** Fix panContentPack error. Fixes bug [PaloAltoNetworks#222](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/222) - PaloAltoNetworks#225
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Remove endpoint from Data Model Audit dashboard - PaloAltoNetworks#218
* **app/addon:** correct user-id tag_user / untag_user
* **app/addon:** Fix background color of logo - PaloAltoNetworks#141

### Performance Improvements

* **app:** Change simple XML to use JQuery 3.5 - PaloAltoNetworks#207
* **app:** Remove high cardinality fields from datamodel

### ⚠ MAJOR RELEASE CHANGES

This is a major release

Splunk dashboards and searches you have created might be
affected by these changes. Please be prepared to test and
adjust any dashboards not included with the App after upgrade.

* **addon:** pan_traffic_start logs no longer included in CIM
* **addon:** pan_traffic_end logs moved from Network Session to Network Traffic datamodel
* **addon:** pan_threat event type now includes wildfire and data logs
* **addon:** pan_file logs moved from Web to IDS datamodel
* **addon:** pan_virus logs moved from Malware to IDS datamodel
* **addon:** pan_wildfire logs moved from Malware to IDS datamodel
* **addon:** pan_email removed from Email datamodel
* **app:** Removes datamodel for GlobalProtect logs before PAN-OS 9.1
* **app/addon:** Removes Traps 4 support
* **app/addon:** Deprecates Traps 5 and Traps 6 support
* **app:** Removes support for legacy WildFire Report API
* **app/addon:** Requires Splunk 8.0 or higher
* **app/addon:** Replaces Adversary Scoreboard and Incident Feed dashboards with new XDR Incidents dashboard