Source types for the Splunk Add-on for Palo Alto Networks
The Splunk Add-on for Palo Alto Networks has the following source types.
| Source type | Description | Event types | CIM data models |
|---|---|---|---|
| pan:system | PAN-OS system events | pan_system, pan_system_auth, pan_system_alert, pan_system_change | Authentication, Change |
| pan:decryption | PAN-OS decryption events | pan_decryption | Network Traffic |
| pan:traffic | PAN-OS traffic events | pan_traffic, pan_traffic_end, pan_traffic_start | Network Traffic |
| pan:threat | PAN-OS threat events | pan_threat, pan_file, pan_url, pan_email, pan_data, pan_virus, pan_spyware | Intrusion Detection, Web |
| pan:config | PAN-OS config events | pan_config | Change |
| pan:hipmatch | PAN-OS HIP match events | pan_hipmatch | Intrusion Detection |
| pan:correlation | PAN-OS correlation events | pan_correlation | Alerts |
| pan:userid | PAN-OS User-ID events | pan_userid, pan_userid_login, pan_userid_logout | Authentication, Change |
| pan:globalprotect | GlobalProtect events | pan_global_protect | Authentication |
| pan:firewall:cloud | Events coming from Strata Logging Service | pan_traffic, pan_threat, pan_system, pan_decryption, pan_spyware, pan_globalprotect, pan_wildfire, pan_correlation, pan_email, pan_data, pan_virus, pan_file, pan_url, pan_wildfire_malicious, pan_traffic_end, pan_traffic_start | Network Traffic, Intrusion Detection, Authentication, Alerts |
| pan:threat:cloud | pan:firewall:cloud events with LogType THREAT | pan_firewall, pan_threat, pan_file, pan_url, pan_data, pan_virus, pan_spyware, pan_wildfire_malicious, pan_wildfire, pan_email | Web, Intrusion Detection |
| pan:traffic:cloud | pan:firewall:cloud events with LogType TRAFFIC | pan_firewall, pan_traffic, pan_traffic_start, pan_traffic_end | Network Traffic, Intrusion Detection |
| pan:system:cloud | pan:firewall:cloud events with LogType SYSTEM | pan_firewall, pan_system, pan_system_auth, pan_system_alert, pan_system_change | Authentication |
| pan:config:cloud | pan:firewall:cloud events with LogType CONFIG | pan_firewall, pan_config | Change |
| pan:globalprotect:cloud | pan:firewall:cloud events with LogType GLOBALPROTECT | pan_firewall, pan_globalprotect | Authentication |
| pan:decryption:cloud | pan:firewall:cloud events with LogType DECRYPTION | pan_firewall, pan_decryption | Network Traffic |
| pan:iot_alert | IoT alert events | pan_iot_alert | Alerts |
| pan:pan_iot_device | IoT device events | pan_iot_device | Inventory |
| pan:data:security | Data Security events | pan_data_security_activity, pan_data_securiy_incidents, pan_data_security_remediation, pan_data_security_policy_violation | Alerts, Ticket Management |
| pan:xdr:incident | Cortex XDR incidents | pan_xdr_incident, pan_xdr_incident_detailed | Ticket Management |
| pan:xdr:incident:alert | Cortex XDR incident alerts | pan_xdr_incident_alert | Alerts |
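The following searches are an added example, not part of the Splunk or Palo Alto Networks documentation, showing how to verify that ingested events are actually receiving the event types and CIM data-model mappings listed in the table. The index name `pan_logs` and the 24-hour window are assumptions; adjust them to your deployment.

```spl
index=pan_logs sourcetype="pan:*" earliest=-24h
| stats count by sourcetype, eventtype
| sort sourcetype, -count

| tstats count from datamodel=Network_Traffic.All_Traffic
    where sourcetype IN ("pan:traffic", "pan:traffic:cloud", "pan:decryption", "pan:decryption:cloud")
    by sourcetype
```

Run the two searches separately. The first lists, per source type, every event type the add-on's eventtype definitions matched; because `eventtype` is a multivalue field, `stats ... by eventtype` yields one row per value, so a source type that appears with no rows for the event types in the table usually means the data arrived under a different source type than expected (for example, Strata Logging Service data that was not split into the per-LogType `pan:*:cloud` source types). The second confirms that the traffic and decryption source types are populating the Network Traffic data model; a zero or missing row for a source type that is clearly receiving events points at tagging or field-extraction problems rather than at the input.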