Source types for the Splunk Add-on for Palo Alto Networks
The Splunk Add-on for Palo Alto Networks has the following source types.
| Source type | Description | Event type | CIM data models |
|---|---|---|---|
| pan:system | PAN OS system events | pan_system<br>pan_system_auth<br>pan_system_alert<br>pan_system_change | Authentication<br>Change |
| pan:decryption | PAN OS decryption events | pan_decryption | Network Traffic |
| pan:traffic | PAN OS traffic events | pan_traffic<br>pan_traffic_end<br>pan_traffic_start | Network Traffic |
| pan:threat | PAN OS threat events | pan_threat<br>pan_file<br>pan_url<br>pan_email<br>pan_data<br>pan_virus<br>pan_spyware | Intrusion Detection |
| pan:config | PAN OS config events | pan_config | Change |
| pan:hipmatch | PAN OS hipmatch events | pan_hipmatch | |
| pan:correlation | PAN OS correlation events | pan_correlation | Alerts |
| pan:userid | PAN OS userid events | pan_userid | |
| pan:globalprotect | GLOBALPROTECT events | pan_global_protect | Authentication |
| pan:firewall_cloud | Events coming from Strata Logging Service | pan_traffic<br>pan_threat<br>pan_system<br>pan_decryption<br>pan_spyware<br>pan_globalprotect<br>pan_wildfire<br>pan_correlation<br>pan_email<br>pan_data<br>pan_virus<br>pan_file<br>pan_url<br>pan_wildfire_malicious<br>pan_traffic_end<br>pan_traffic_start | Network Traffic<br>Intrusion Detection<br>Authentication<br>Alerts<br>Network Traffic |
| pan:iot_alert | IoT Alerts events | pan_iot_alert | Alerts |
| pan:iot_vulnerability | IoT Vulnerability events | pan_iot_vulnerability | Vulnerabilities |
| pan:pan_iot_device | IoT Device Events | pan_iot_device | Inventory |
| pan:pan_xdr_incident | Incidents from Cortex XDR | pan_xdr_incident<br>pan_xdr_incident_detailed | Ticket Management |
| pan:data:security | Data Security events | pan_data_security_activity<br>pan_data_securiy_incidents<br>pan_data_security_remediation<br>pan_data_security_policy_violation | Alerts<br>Ticket Management |