Palo Alto Networks App for Splunk
Overview
Details
Palo Alto Networks App for Splunk leverages the data visibility provided by the Palo Alto Networks security platform with Splunk's extensive investigation and visualization capabilities to deliver advanced security reporting and analysis. This app enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructures from a real-time and historical perspective. Complicated incident analysis that previously consumed days of manual and error-prone data mining can now be automated, saving not only manpower but also enabling key enterprise security resources to focus on critical, time-sensitive investigations.
Palo Alto Networks App for Splunk
Authors: Brian Torres-Gil and Paul Nguyen - Palo Alto Networks
Upgrading from 4.x to 5.x? Use the Upgrade Guide:
http://pansplunk.readthedocs.io/en/latest/upgrade.html
Documentation
Installation and Getting Started: http://pansplunk.readthedocs.io/en/latest/getting_started.html
Release Notes: http://pansplunk.readthedocs.io/en/latest/release_notes.html
Support: http://pansplunk.readthedocs.io/en/latest/support.html
Release Notes
Version 5.4.0
v5.4.0
* Endpoint Operations Dashboard
* Endpoint Security Dashboard
* Endpoint Dashboard support new Traps 3.4 fields
* Support for AutoFocus Remote Search via External Search Handler
* Support for Firewall Log Link via External Search Handler
* Improved AutoFocus cross launch
Version 5.3.1
v5.3.1
- Changes made to meet new certification requirements
v5.3.0
- GlobalProtect Dashboard
- Other updates are in the Add-on (https://splunkbase.splunk.com/app/2757)
Important App Upgrade Notes
- App 5.3.x requires Add-on 3.7.x
- The App setup screen has moved to the Add-on. If you has previous set firewall credentials or a WildFire API key in the App setup screen, you’ll need to set them in the Add-on setup screen. See Step 2: Initial Setup in the Getting Started Guide.
- Datamodel acceleration might rebuild itself after installation due to updated constraints
- Eventtype pan_threat no longer includes these log_subtypes: url, data, file, and wildfire. You might need to update custom searches or panels you created that leverage the pan_threat eventtype. There are new eventtypes for each of the removed log_subtypes: pan_url, pan_data, pan_file, and pan_wildfire.
Version 5.2.0
* App Certified by Splunk
Note: As a certification requirement, this version drops support for Splunk 6.1 and earlier, and removes deprecated commands (**panblock** and **panupdate**). If you are using Splunk 6.1, please upgrade Splunk to 6.2 or higher before upgrading this App. If you are using panblock or panupdate, please use pantag and panuserupdate instead before upgrading this App.