Release notes for the Splunk Add-on for Palo Alto Networks
About this release
Version 3.1.0 of the Splunk Add-on for Palo Alto Networks was released on May 22, 2026. It was tested with the following software, CIM versions, and platforms:
| Component | Description |
|---|---|
| Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x, 10.0.x, 10.1.x, 10.2.x, 10.3.x, 10.4.x |
| CIM | 5.x |
| Platforms | Platform independent |
| Vendor Products | Cortex XDR, Device Security (formerly IoT Security), NGFW, Strata Logging Service, PAN-OS, Data Security |
New features
Version 3.1.0 of the Splunk Add-on for Palo Alto Networks has the following new features:
- Added Collect Alerts checkbox to the Cortex XDR modular input. Alerts are fetched via the `get_alerts_multi_events` API with pagination and rate-limit handling, and indexed as sourcetype `pan:xdr:alert`.
- Added Collect Endpoints checkbox to the Cortex XDR modular input. All endpoints are fetched with pagination and indexed as sourcetype `pan:xdr:endpoint`.
- Full CIM mappings for `pan:xdr:alert` — Intrusion Detection (IDS_Attacks host-based).
- Full CIM mappings for `pan:xdr:endpoint` — Inventory datamodel.
- Checkpoint mechanism for alert and endpoint inputs to track last-fetched position across restarts.
Fixed issues
Version 3.1.0 of the Splunk Add-on for Palo Alto Networks contains the following fixed issues, if any.
Known issues
Version 3.1.0 of the Splunk Add-on for Palo Alto Networks contains the following known issues, if any.
Third-party software attributions
Third-party software attributions for the Splunk Add-on for Palo Alto Networks