We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The CIM field "signature" is not present in sourcetype pan:firewall_cloud
pan:firewall_cloud : FIELDALIAS-fwcloud_signature | ThreatName AS signature
field "signature" is necessary for CIM datamodels
the field is not calculated
I think field "ThreatName" is not right. The right seems to be "threat:name" Other solution is to create a field alias of "ThreadID" field
index="*" sourcetype="pan:firewall_cloud"
The text was updated successfully, but these errors were encountered:
🎉 Thanks for opening your first issue here! Welcome to the community!
Sorry, something went wrong.
fix(addon): CDL threat_name field more robust
6f290d0
Fixes #234 The threat_name field can now pull from the ThreatName field if it exists, or the ThreatID field as a backup.
paulmnguyen
No branches or pull requests
Describe the bug
The CIM field "signature" is not present in sourcetype pan:firewall_cloud
pan:firewall_cloud : FIELDALIAS-fwcloud_signature | ThreatName AS signature
Expected behavior
field "signature" is necessary for CIM datamodels
Current behavior
the field is not calculated
Possible solution
I think field "ThreatName" is not right. The right seems to be "threat:name"
Other solution is to create a field alias of "ThreadID" field
Steps to reproduce
index="*" sourcetype="pan:firewall_cloud"
Your Environment
The text was updated successfully, but these errors were encountered: