Source types for the Splunk Add-on for Palo Alto Networks

The Splunk Add-on for Palo Alto Networks has the following source types.

| Source type | Description | Event type | CIM data models |
| --- | --- | --- | --- |
| pan:system | PAN OS system events | pan_system, pan_system_auth, pan_system_alert, pan_system_change | Authentication, Change |
| pan:decryption | PAN OS decryption events | pan_decryption | Network Traffic |
| pan:traffic | PAN OS traffic events | pan_traffic, pan_traffic_end, pan_traffic_start | Network Traffic |
| pan:threat | PAN OS threat events | pan_threat, pan_file, pan_url, pan_email, pan_data, pan_virus, pan_spyware | Intrusion Detection |
| pan:config | PAN OS config events | pan_config | Change |
| pan:hipmatch | PAN OS hipmatch events | pan_hipmatch | |
| pan:correlation | PAN OS correlation events | pan_correlation | Alerts |
| pan:userid | PAN OS userid events | pan_userid | |
| pan:globalprotect | GLOBALPROTECT events | pan_global_protect | Authentication |
| pan:firewall_cloud | Events coming from Strata Logging Service | pan_traffic, pan_threat, pan_system, pan_decryption, pan_spyware, pan_globalprotect, pan_wildfire, pan_correlation, pan_email, pan_data, pan_virus, pan_file, pan_url, pan_wildfire_malicious, pan_traffic_end, pan_traffic_start | Network Traffic, Intrusion Detection, Authentication, Alerts |
| pan:iot_alert | IoT Alerts events | pan_iot_alert | Alerts |
| pan:iot_vulnerability | IoT Vulnerability events | pan_iot_vulnerability | Vulnerabilities |
| pan:pan_iot_device | IoT Device Events | pan_iot_device | Inventory |
| pan:pan_xdr_incident | Incidents from Cortex XDR | pan_xdr_incident, pan_xdr_incident_detailed | Ticket Management |
| pan:data:security | Data Security events | pan_data_security_activity, pan_data_securiy_incidents, pan_data_security_remediation, pan_data_security_policy_violation | Alerts, Ticket Management |