Splunk-Apps icon indicating copy to clipboard operation
Splunk-Apps copied to clipboard
verified publisher icon PaloAltoNetworks

App Lookup list missing applications

Open bluestarr97 opened this issue 6 years ago • 2 comments

Running the latest Palo Splunk App v6.1.1 but noticed when running a SaaS report keying on the field 'app:is_saas' everything looked good but digging through noticed that DropBox wasn't showing up. Upon further investigation found it's referencing /opt/splunk/etc/apps/Splunk_TA_paloalto/lookups/app_list.csv for lookups. Problem is that 'app_list.csv is not complete, there is ~1k difference I noticed in number of apps from apps on my latest firewall App List.
What is the procedure of updating that splunk list? The csv I export from the firewall has slightly different field names and doesn't include all the ones in the splunk app at all.

Thanks!

bluestarr97 avatar Apr 22 '19 23:04 bluestarr97

Seems to be the same problem as with my issue (retriveNewApp.py broken). It looks like the Server who is providing the informations is no longer working (https://ww2.paloaltonetworks.com/iphone/NewApps.aspx).

idev avatar Sep 10 '19 09:09 idev

Please follow the procedure at this location to keep your app/threat lookups up to date: https://splunk.paloaltonetworks.com/lookups.html#contentpack

crumpetcrusher avatar Sep 26 '19 14:09 crumpetcrusher