Lookups for the Splunk Add-on for Palo Alto Networks¶
The Splunk Add-on for Palo Alto Networks contains the following CSV lookup files.
These CSV lookups represent mappings defined in Palo Alto’s documentation that provide information as human readable strings for certain event field values.
The lookup files map certain fields to retrieve more information about threats or applications. Use the following path to locate the lookup files: $SPLUNK_HOME/etc/apps/Splunk_TA_paloalto_networks/lookups.
See the following list of lookup files:
| Filename |
|---|
| app_list.csv |
| endpoint_actions.csv |
| ip_classifications.csv |
| pan_vendor_actions_300.csv |
| pan_vendor_info.csv |
| sanctioned_saas.csv |
| threat_list.csv |
| system_actions.csv |