Skip to content
This repository has been archived by the owner on Dec 14, 2024. It is now read-only.

Update props.conf #257

Merged
merged 2 commits into from
Apr 1, 2024
Merged

Update props.conf #257

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ac8f018
Update props.conf
as3923 May 9, 2022
9dedf59
fix(addon): Change fwcloud src to EVAL and remove fwcloud dest alias
btorresgil Oct 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions Splunk_TA_paloalto/default/props.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ FIELDALIAS-fwcloud_session_id = SessionID as session_id
EVAL-severity = coalesce(Severity, VendorSeverity)
FIELDALIAS-fwcloud_signature = ThreatName as signature
FIELDALIAS-fwcloud_signature_id = ThreatID as signature_id
FIELDALIAS-fwcloud_src = SourceAddress as src
EVAL-src = coalesce(SourceAddress, PublicIPv4)
FIELDALIAS-fwcloud_src_host = SourceDeviceHost as src_host
FIELDALIAS-fwcloud_src_interface = InboundInterface as src_interface
EVAL-src_ip = coalesce(SourceAddress, PublicIPv4)
Expand All @@ -97,8 +97,6 @@ FIELDALIAS-fwcloud_vsys_id = VirtualSystemID as vsys_id
FIELDALIAS-fwcloud_vsys_name = VirtualSystemName as vsys_name

LOOKUP-vendor_action = pan_vendor_action_lookup vendor_action OUTPUT action
FIELDALIAS-src_for_pan_cloud = src_ip as src
FIELDALIAS-dest_for_pan_cloud = dest_ip as dest
FIELDALIAS-dvc_for_pan_cloud = host as dvc

EVAL-dest_name = replace(dest_hostname, "^([^:/]+).*", "\1")
Expand Down