Alert action¶
Tag to dynamic address/user¶
Alert action shares context with the firewall by tagging IP addresses or users found in Splunk into Dynamic Address Groups.
To create an alert action, the following values should be filled:
| Field | Description |
|---|---|
| Hostname | IP or hostname of firewall/Panorama. |
| Action | Selection of Adding User/IP, Removing User/IP. |
| Tags | Tags to be applied for user or IP, use space as separator for multiple tags. |
| Timeout | Specify timeout to unregister tag mapping after a specified amount of time. |