Alert action¶
Tag to dynamic address/user¶
Alert action shares context with the firewall by tagging IP addresses or users found in Splunk into Dynamic Address Groups. See https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy.
To create an alert action, provide the following values:
| Field | Description |
|---|---|
| Hostname | IP or hostname of firewall/Panorama. |
| Action | Selection of Adding User/IP, Removing User/IP. |
| Tags | Tags to be applied for user or IP, use space as separator for multiple tags. |
| Timeout | Specify timeout to unregister tag mapping after a specified amount of time. |