Release history for the Splunk Add-on for Palo Alto Networks
Version 3.0.1 is the latest version of the Splunk Add-on for Palo Alto Networks. See Release Notes for the latest updates.
Version 3.0.0
Version 3.0.0 of the Splunk Add-on for Palo Alto Networks was released on Nov 05, 2025. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS, Data Security |
New features
- Added support for new endpoints in the Cortex XDR input to collect management audit logs. Introduced new sourcetypes: `pan:xdr:audit` and `pan:xdr:mgmt:audit`.
- Added compatibility with the default log formats of the latest product version 11.0.
- Enhanced the lookup to extract a few new fields: block-override, override, override-lockout, random-drop, and syncookie-sent.
- Added CIM support for new sourcetypes pan:userid and pan:hipmatch.
- The Account field in Cortex XDR inputs now also supports numeric values within the XDR tenant.
Breaking Changes
- Modified the data model for security detections to align with ESCU content.
- Renamed the following sourcetypes as per standard practices:
  - `pan:xdr_incident` renamed to `pan:xdr:incident`
  - `pan:firewall_cloud` renamed to `pan:firewall:cloud`
- Added sourcetype routing for `pan:firewall_cloud` events based on the LogType field, similar to the routing used for syslog events (for example, for `pan:firewall_cloud` with LogType “traffic”, the sourcetype would be `pan:traffic:cloud`).
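An added example (not part of the add-on or its documentation): a small Python audit that finds references to the renamed sourcetypes in Splunk .conf text, such as saved searches or local props stanzas keyed on the old names. The sample stanzas, index name and field names are constructed, and matches on `pan:firewall_cloud` are only flagged for review because the page gives a single LogType routing example.

```python
import re

# Renames taken from the 3.0.0 breaking changes on this page.
RENAMED = {
    "pan:xdr_incident": "pan:xdr:incident",
    "pan:firewall_cloud": "pan:firewall:cloud",
}
# pan:firewall_cloud events are also routed by LogType; the page gives one
# mapping (LogType "traffic" -> pan:traffic:cloud), so flag those for review.
ROUTED = {"pan:firewall_cloud"}

# Match an old name only as a complete sourcetype token.
TOKEN = re.compile(r"(?<![\w:-])(" + "|".join(map(re.escape, RENAMED)) + r")(?![\w:-])")

def audit_conf(text):
    """Return a finding for every legacy sourcetype reference in .conf text."""
    findings, stanza, continued = [], "default", False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # A trailing backslash continues the setting onto the next line.
        is_continuation, continued = continued, line.endswith("\\")
        if not is_continuation:
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                stanza = line[1:-1]  # header is scanned too (props overrides)
        for match in TOKEN.finditer(line):
            old = match.group(1)
            findings.append({
                "stanza": stanza, "line": line_no, "old": old,
                "new": RENAMED[old], "check_logtype_routing": old in ROUTED,
            })
    return findings

# Constructed sample: a savedsearches.conf fragment written against old names.
SAMPLE_CONF = r'''
[XDR incidents - high severity]
search = index=pan sourcetype="pan:xdr_incident" severity=high \
    | stats count by incident_id

[Cloud firewall traffic volume]
# sourcetype=pan:firewall_cloud in a comment is ignored
search = index=pan sourcetype=pan:firewall_cloud LogType=traffic | timechart count

[Already migrated]
search = index=pan sourcetype=pan:xdr:incident | stats count
'''

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF):
        print(finding)
```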
Fixed issues
Version 3.0.0 of the Splunk Add-on for Palo Alto Networks contains the following fixed issues, if any.
Known issues
Version 3.0.0 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks
Version 2.0.2
Version 2.0.2 of the Splunk Add-on for Palo Alto Networks was released on Sep 1, 2025. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS, Data Security |
Fixed issues
Version 2.0.2 of the Splunk Add-on for Palo Alto Networks contains the following fixed issues, if any.
Known issues
Version 2.0.2 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks
Version 2.0.1
Version 2.0.1 of the Splunk Add-on for Palo Alto Networks was released on May 23, 2025. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS |
Fixed issues
Version 2.0.1 of the Splunk Add-on for Palo Alto Networks contains the following fixed issues, if any.
Known issues
Version 2.0.1 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks
Version 2.0.0
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS, Data Security |
New features
- New modular input “Data Security”
- New events for CIM normalization
- Alert action for tagging IPs and users
- Custom search command to update lookup tables
- FedRAMP certification
Known issues
Version 2.0.0 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks
Version 1.0.1
Version 1.0.1 of the Splunk Add-on for Palo Alto Networks was released on November 12, 2024. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS |
Fixed issues
Version 1.0.1 of the Splunk Add-on for Palo Alto Networks contains the following fixed issues, if any.
Known issues
Version 1.0.1 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Palo Alto Networks was released on October 2, 2024. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1, 9.2 |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, IoT Security, NGFW, Strata Logging Service, PAN-OS |
New features
Version 1.0.0 of the Splunk Add-on for Palo Alto Networks has the following new features:
- Modular inputs for IoT Security & Cortex XDR
- Monitoring Dashboard
- CIM normalization for supported vendor products
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks for v1.0.0