Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix whitespace issue in GlobalProtect 9.1 parser #131

Merged
merged 1 commit into from
Aug 11, 2020
Merged

Fix whitespace issue in GlobalProtect 9.1 parser #131

merged 1 commit into from
Aug 11, 2020

Conversation

kcsixers
Copy link
Contributor

Removed whitespace at the end of the regex for GlobalProtect sourcetype renaming.

Description

Whitespace at the end of the GlobalProtect sourcetype renaming regex is causing the regex to fail and not identify the proper events to re-sourcetype.

Motivation and Context

Fixes the re-sourcetyping of new GlobalProtect logs to their proper sourcetype.

How Has This Been Tested?

Tested in a local environment for proper sourcetype renaming of the GlobalProtect logs.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have updated the documentation accordingly.
  • [x ] I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

@kcsixers
Update transforms.conf
92517dd 
Removed whitespace at the end of the regex for GlobalProtect sourcetype renaming.
@welcome
Copy link

welcome bot commented Aug 11, 2020

🎉 Thanks for opening this pull request! We really appreciate contributors like you! 🙌

@paulmnguyen paulmnguyen merged commit 59d781d into PaloAltoNetworks:develop Aug 11, 2020
@welcome
Copy link

welcome bot commented Aug 11, 2020

🎉 Congrats on getting your first pull request merged! We here at Palo Alto Networks are so grateful! ❤️

@paulmnguyen paulmnguyen added add-on Related to the Splunk Add-On app Related to the Splunk App (not the Add-on) bug labels Aug 11, 2020
github-actions bot pushed a commit that referenced this pull request Aug 11, 2020
@semantic-release-bot
chore(release): 6.3.1
b5debbe 
### [6.3.1](v6.3.0...v6.3.1) (2020-08-11)

### Bug Fixes

* **addon:** Remove white space from GlobalProtect sourcetype - #131
@github-actions
Copy link

🎉 This PR is included in version 6.3.1 🎉

This release is available on SplunkBase: App - Add-on

Posted by semantic-release bot

@btorresgil btorresgil changed the title Update transforms.conf Fix whitespace issue in GlobalProtect 9.1 parser Aug 11, 2020
@btorresgil
Copy link
Member

Hi @kcsixers, just want to say thanks for catching this oversight and reporting it quickly. The fixed version 6.3.1 is available now. Please let us know if you see any more issues, and feel free to share any general feedback.

Thanks!
-Brian

github-actions bot pushed a commit to btorresgil/SplunkforPaloAltoNetworks that referenced this pull request Mar 7, 2022
@semantic-release-bot
chore(release): 5.0.0-beta.1
238b9d8 
## [5.0.0-beta.1](v4.2.2...v5.0.0-beta.1) (2022-03-07)

### Features

* **addon:** Add Decryption Log Support for PANOS 10  - PaloAltoNetworks#126
* **addon:** Cortex Data Lake HEC log support - PaloAltoNetworks#162 PaloAltoNetworks#176
* **addon:** PAN Quality Validation and Improvement
* **addon:** Significantly improve and modernize CIM compliance
* **app/addon:** Add Cortex XDR incident support to App and Add-on including new XDR Incidents dashboard - PaloAltoNetworks#166
* **app/addon:** Add IoT Security - PaloAltoNetworks#158
* **app/addon:** Feature/dynamic user groups - PaloAltoNetworks#150
* **app/addon:** Python 3 Support - PaloAltoNetworks#124
* **app/addon:** Support GlobalProtect log type in PANOS 9.1 - PaloAltoNetworks#118
* **app/addon:** Update pandevice to 0.14.0 - PaloAltoNetworks#145

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Add fields for GlobalProtect logs
* **addon:** Add GlobalProtect SourceUserName - PaloAltoNetworks#209 PaloAltoNetworks#202
* **addon:** Add modinputs as tasks in app.manifest - PaloAltoNetworks#153
* **addon:** Add virus eventtype to malware CIM - PaloAltoNetworks#114 PaloAltoNetworks#138
* **addon:** Fix appserver/static files
* **addon:** Fix CDL logs contained string 'null' in 'user' field - PaloAltoNetworks#187
* **addon:** Fix error from Minemeld automatic lookup
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix nav bar background color
* **addon:** Fix src_user field contained destination user - PaloAltoNetworks#186
* **addon:** Fix typo in transform.conf ([PaloAltoNetworks#227](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/227))
* **addon:** Fix user showing as unknown from GlobalProtect logs.  - PaloAltoNetworks#217
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Remove endpoint tags and eventtypes - PaloAltoNetworks#196
* **addon:** Remove port from `dest_name` field - PaloAltoNetworks#129 PaloAltoNetworks#128
* **addon:** Remove white space from GlobalProtect sourcetype - PaloAltoNetworks#131
* **addon:** Restore "unknown" string for empty 'user' field
* **app:** Fix error after upgrade to 7.0.0: "Unknown search command 'panwildfirereport'" - PaloAltoNetworks#189
* **app:** Fix IoT Security dashboard filter - PaloAltoNetworks#181
* **app:** Fix panContentPack error. Fixes bug [PaloAltoNetworks#222](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/222) - PaloAltoNetworks#225
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Remove endpoint from Data Model Audit dashboard - PaloAltoNetworks#218
* **app/addon:** correct user-id tag_user / untag_user
* **app/addon:** Fix background color of logo - PaloAltoNetworks#141

### Performance Improvements

* **app:** Change simple XML to use JQuery 3.5 - PaloAltoNetworks#207
* **app:** Remove high cardinality fields from datamodel

### ⚠ MAJOR RELEASE CHANGES

This is a major release

Splunk dashboards and searches you have created might be
affected by these changes. Please be prepared to test and
adjust any dashboards not included with the App after upgrade.

* **addon:** pan_traffic_start logs no longer included in CIM
* **addon:** pan_traffic_end logs moved from Network Session to Network Traffic datamodel
* **addon:** pan_threat event type now includes wildfire and data logs
* **addon:** pan_file logs moved from Web to IDS datamodel
* **addon:** pan_virus logs moved from Malware to IDS datamodel
* **addon:** pan_wildfire logs moved from Malware to IDS datamodel
* **addon:** pan_email removed from Email datamodel
* **app:** Removes datamodel for GlobalProtect logs before PAN-OS 9.1
* **app/addon:** Removes Traps 4 support
* **app/addon:** Deprecates Traps 5 and Traps 6 support
* **app:** Removes support for legacy WildFire Report API
* **app/addon:** Requires Splunk 8.0 or higher
* **app/addon:** Replaces Adversary Scoreboard and Incident Feed dashboards with new XDR Incidents dashboard
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulmnguyen paulmnguyen paulmnguyen approved these changes

Assignees
No one assigned
Labels
add-on Related to the Splunk Add-On app Related to the Splunk App (not the Add-on) bug released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kcsixers @btorresgil @paulmnguyen