Source types for Splunk Add-on for Palo Alto Networks

The Splunk Add-on for Palo Alto Networks has the following sourcetypes.

| Sourcetype | Description | Event type | CIM data models |
|---|---|---|---|
| pan:system | PAN OS system events | pan_system<br>pan_system_auth<br>pan_system_alert<br>pan_system_change | Authentication<br>Change |
| pan:decryption | PAN OS decryption events | pan_decryption | Network Traffic |
| pan:traffic | PAN OS traffic events | pan_traffic<br>pan_traffic_end<br>pan_traffic_start | Network Traffic<br>Network Traffic<br>Network Traffic |
| pan:threat | PAN OS threat events | pan_threat<br>pan_file<br>pan_url<br>pan_email<br>pan_data<br>pan_virus<br>pan_spyware | Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection |
| pan:config | PAN OS config events | pan_config | Change |
| pan:hipmatch | PAN OS hipmatch events | pan_hipmatch | |
| pan:correlation | PAN OS correlation events | pan_correlation | Alerts |
| pan:userid | PAN OS userid events | pan_userid | |
| pan:globalprotect | GLOBALPROTECT events | pan_global_protect | Authentication |
| pan:firewall_cloud | Events coming from Strata Logging Service | pan_traffic<br>pan_threat<br>pan_system<br>pan_decryption<br>pan_spyware<br>pan_globalprotect<br>pan_wildfire<br>pan_correlation<br>pan_email<br>pan_data<br>pan_virus<br>pan_file<br>pan_url<br>pan_wildfire_malicious<br>pan_traffic_end<br>pan_traffic_start | Network Traffic<br>Intrusion Detection<br>Intrusion Detection<br>Network Traffic<br>Intrusion Detection<br>Authentication<br>Intrusion Detection<br>Alerts<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Intrusion Detection<br>Network Traffic<br>Network Traffic |
| pan:iot_alert | IoT Alerts events | pan_iot_alert | Alerts |
| pan:iot_vulnerability | IoT Vulnerability events | pan_iot_vulnerability | Vulnerabilities |
| pan:pan_iot_device | IoT Device Events | pan_iot_device | Inventory |
| pan:pan_xdr_incident | Incidents from Cortex XDR | pan_xdr_incident<br>pan_xdr_incident_detailed | Ticket Management<br>Ticket Management |