Skip to content

Alert action

Tag to dynamic address/user

Alert action shares context with the firewall by tagging IP addresses or users found in Splunk into Dynamic Address Groups.

To create an alert action, the following values should be filled:

Field Description
Hostname IP or hostname of firewall/Panorama.
Action Selection of Adding User/IP, Removing User/IP.
Tags Tags to be applied for user or IP, use space as separator for multiple tags.
Timeout Specify timeout to unregister tag mapping after a specified amount of time.