Source types for the Splunk Add-on for Palo Alto Networks¶
The Splunk Add-on for Palo Alto Networks has the following source types.
| Source type | Description | Event type | CIM data models |
|---|---|---|---|
pan:system |
PAN OS system events | pan_system pan_system_auth pan_system_alert pan_system_change |
Authentication Change |
pan:decryption |
PAN OS decryption events | pan_decryption |
Network Traffic |
pan:traffic |
PAN OS traffic events | pan_traffic pan_traffic_end pan_traffic_start |
Network Traffic |
pan:threat |
PAN OS threat events | pan_threat pan_file pan_url pan_email pan_data pan_virus pan_spyware |
Intrusion Detection |
pan:config |
PAN OS config events | pan_config |
Change |
pan:hipmatch |
PAN OS hipmatch events | pan_hipmatch |
|
pan:correlation |
PAN OS correlation events | pan_correlation |
Alerts |
pan:userid |
PAN OS userid events | pan_userid |
|
pan:globalprotect |
GLOBALPROTECT events | pan_global_protect |
Authentication |
pan:firewall_cloud |
Events coming from Strata Logging Service |
pan_traffic pan_threat pan_system pan_decryption pan_spyware pan_globalprotect pan_wildfire pan_correlation pan_email pan_data pan_virus pan_file pan_url pan_wildfire_malicious pan_traffic_end pan_traffic_start |
Network Traffic Intrusion Detection Authentication Alerts Network Traffic |
pan:iot_alert |
IoT Alerts events | pan_iot_alert |
Alerts |
pan:iot_vulnerability |
IoT Vulnerability events | pan_iot_vulnerability |
Vulnerabilities |
pan:pan_iot_device |
IoT Device Events | pan_iot_device |
Inventory |
pan:pan_xdr_incident |
Incidents from Cortex XDR | pan_xdr_incident pan_xdr_incident_detailed |
Ticket Management |
pan:data:security |
Data Security events | pan_data_security_activitypan_data_securiy_incidentspan_data_security_remediationpan_data_security_policy_violation |
Alerts Ticket Management |