Splunk-Apps

Splunk-Apps copied to clipboard

## Describe the bug Currently we should be using log_type as the field to define the type of log it is. We have HIPMATCH, USERID, GLOBALPROTECT logs that are still...

paulmnguyen

Installation Instruction Misleading Where to Install TA

1

The TA is not needed on Indexers if ingesting on a Heavy Forwarder. Installing on indexer causes error messages related to aperture, cortex xdr and minemeld settings missing.

arcuseagles

Fix common.py get_firewall_credentials

2

## Description common.py was throwing several errors. The first was a local variable 'password' referenced before assignment. To resolve this, I defined the password variable before the get_firewall_credentials and added...

connellyt

Correct bytes sent/received field aliases for pan:firewall_cloud

1

## Description Flip the bytes_in and bytes_out field aliases. ## Motivation and Context 'bytes_in' should be mapped to the BytesReceived field from the perspective of the client in a client-to-server...

ryanbsaunders

possible miss in parsing of Palo Alto logs for Category field with event "computer-and-internet-info,high-risk" with Splunk_TA_paloalto TA

2

PAN syslog events with "computer-and-internet-info,high-risk" have Category of "computer-and-internet-info" instead of "computer-and-internet-info,high-risk" for pan:threat logs ## Expected behavior Category is "computer-and-internet-info,high-risk" ## Current behavior Category is "computer-and-internet-info" only ## Possible...

mike1li

A custom JavaScript error caused an issue loading your dashboard....." Palo Alto Networks Splunk App

6

When going to the Threats and Activities dashboards in the Palo Alto Networks App on Splunk on-prem version I get the error "A custom JavaScript error caused an issue loading...

Cliffcy

Update transforms.conf

2

## Description Resolve issue #101 ## Motivation and Context ## How Has This Been Tested? ## Screenshots (if appropriate) ## Types of changes - Bug fix (non-breaking change which fixes...

as3923

Timestamps processing for CDL sources over HTTPS is not correct

7

## Describe the bug All CDL sources map to an expected sourcetype of pan:firewall_cloud. This means that Splunk uses a consistent set of rules for all log events sent. Either...

MonkeyKa

Traffic and Threat Log doens't correctly translate the Source IP / X-Forwarded-For Value

3

### Describe the bug When sending Traffic and Threat Logs (potentially others) with the X-Forwarded-For Header set in the log traffic the Palo Splunk Add-On isn't pulling out that data...

paulkilla

User Field Calc Misconfiguration Pan:Threat

1

## Describe the bug For the ```pan:threat``` sourcetype we are observing, un-parsed ```sender``` and ```recipient``` field values in the ```user``` field. This is due to the fact the Splunk does...

RH-3