Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Splunk_TA_paloalto: Missing CIM field ids_type #31

Closed
hire-vladimir opened this issue Sep 9, 2016 · 1 comment
Closed

Splunk_TA_paloalto: Missing CIM field ids_type #31

hire-vladimir opened this issue Sep 9, 2016 · 1 comment
Labels
bug
Milestone
Add-on 3.7.0

Comments

@hire-vladimir
Copy link

hire-vladimir commented Sep 9, 2016
edited
Loading

Per Network Traffic DM, ids_type field is required, the TA presently does not populate this. Suggested following enhancement to the TA:

props.conf

[pan:threat]
EVAL-ids_type = "network"

This field is primarily exposed within ES -> Intrusion Center -> "New Attacks - Last 30 Days" panel
@btorresgil btorresgil added the bug label Sep 12, 2016
@btorresgil
Copy link
Member

btorresgil commented Sep 20, 2016
edited
Loading

Resolved for firewall in commit PaloAltoNetworks/Splunk_TA_paloalto@4a5ddf3
Resolved for endpoint in commit PaloAltoNetworks/Splunk_TA_paloalto@f7c8579

@btorresgil btorresgil modified the milestone: Add-on 3.7.0 Oct 5, 2016
paulmnguyen pushed a commit that referenced this issue Aug 3, 2017
Merge pull request #31 from PaloAltoNetworks/feature/TA-check
d166bc9 
Feature/ta check merge
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
Add-on 3.7.0
Development

No branches or pull requests
2 participants
@btorresgil @hire-vladimir