Lookups
Lookups for the Splunk Add-on for Palo Alto Networks¶
The Splunk Add-on for Palo Alto Networks contains the following CSV lookup files.
These CSV lookups represent mappings defined in Palo Alto’s documentation that provide information as human readable strings for certain event field values.
The lookup files map certain fields to retrieve more information about threats or applications. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_paloalto_networks/lookups.
| Filename |
|---|
| app_list.csv |
| endpoint_actions.csv |
| ip_classifications.csv |
| pan_vendor_actions.csv |
| pan_vendor_info.csv |
| sanctioned_saas.csv |
| threat_list.csv |
| system_actions.csv |