
Missing multi-category URL Filtering field extraction

Open linsmeyerh opened this issue 5 years ago • 7 comments

Noted on the Palo Alto Add-on for Splunk: the field extraction for log type pan:threat stops at the content_version field (comma "," separated section), not capturing the 5th section "ahead" of it that is available in the firewall raw logs, which is the proposed new field, category.

The field category is currently evaluated from the raw_category or threat_category fields, which does not provide the full multi-category URL filtering visibility available in the firewall raw logs.


linsmeyerh, Oct 07 '20 03:10
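The extraction gap the issue describes, shown as an added example that is not code from the Splunk add-on or from the issue author. It assumes only what the report states: the raw pan:threat log is comma-separated and the multi-category URL list sits five fields after content_version. The log line, the field index of content_version (16 here; in real PAN-OS logs it is much later) and the assumption that the category list is double-quoted because it itself contains commas are all constructed for the example and must be checked against the vendor's log format documentation. The point a practitioner should take away is that a plain split on "," tears the quoted list apart and shifts every later field, so the extraction has to be CSV-aware.

```python
import csv
import io

# Offset of the multi-category field relative to content_version, as stated
# in the issue: the 5th comma-separated section after content_version.
CATEGORY_LIST_OFFSET = 5

# Constructed sample (NOT a real firewall export). Only the shape matters:
# index 16 is content_version and index 21 is the quoted category list.
# Field index (0-based):           0  1                    2            3      4   5
SAMPLE_THREAT_LOG = (
    '1,2020/10/07 03:10:00,001234567890,THREAT,url,2560,'
    # 6        7              8         9
    '10.1.1.5,93.184.216.34,allow-web,web-browsing,'
    # 10    11             12     13                         14
    'alert,"example.com/",(9999),computer-and-internet-info,informational,'
    # 15      16        17 18 19 20 21                                    22
    'unknown,8265-6123,0,,0,,"computer-and-internet-info,low-risk",a1b2c3'
)
CONTENT_VERSION_INDEX = 16  # assumed position for the constructed sample


def parse_threat_fields(raw_log: str) -> list[str]:
    """Split one raw log line into fields, honouring double-quoted fields
    that contain commas (the csv module handles the quoting rules)."""
    return next(csv.reader(io.StringIO(raw_log)))


def extract_url_category_list(raw_log: str, content_version_index: int) -> list[str]:
    """Return the multi-category URL list as a list of category names.

    Returns [] when the log line is too short (older PAN-OS formats) or the
    field is empty, so the caller can fall back to the single category field."""
    fields = parse_threat_fields(raw_log)
    idx = content_version_index + CATEGORY_LIST_OFFSET
    if idx >= len(fields) or not fields[idx]:
        return []
    return [c.strip() for c in fields[idx].split(",") if c.strip()]


def naive_split_category(raw_log: str, content_version_index: int) -> str:
    """What a plain split on ',' yields at the same position: the quoted list
    is torn apart, so only the first category (with a stray quote) survives
    and every field after it is shifted by one."""
    fields = raw_log.split(",")
    return fields[content_version_index + CATEGORY_LIST_OFFSET]


if __name__ == "__main__":
    print("csv-aware:", extract_url_category_list(SAMPLE_THREAT_LOG, CONTENT_VERSION_INDEX))
    print("naive    :", naive_split_category(SAMPLE_THREAT_LOG, CONTENT_VERSION_INDEX))
```

In Splunk terms the same caution applies to the add-on's transform: the regex or delimiter-based extraction must treat the quoted list as one field, and the resulting category value is best exposed as a multivalue field (for example with makemv delim=",") so a search for a single category such as low-risk still matches a URL carrying several categories.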

Nice work @linsmeyerh, great fix

simonsigre, Oct 21 '20 22:10

This will save a lot of headache. Thanks @linsmeyerh !

kylegbakker, Oct 21 '20 22:10

Thanks @linsmeyerh , nice find!

davidclarke-au, Oct 21 '20 22:10

Great work, Thanks @linsmeyerh

Git-Portal, Oct 21 '20 22:10

Great job @linsmeyerh !

jxztan, Oct 21 '20 22:10

awesome work @linsmeyerh

amanuelw, Oct 21 '20 23:10

Thanks @linsmeyerh this will really help us!

grantrburgess, Oct 21 '20 23:10