Palo Alto Networks App for Splunk

Splunk Certified
Palo Alto Networks and Splunk have partnered to deliver an advanced security reporting and analysis tool. The collaboration delivers operational reporting as well as simplified and configurable dashboard views across the Palo Alto Networks family of next-generation firewalls.

Palo Alto Networks App for Splunk combines the data visibility provided by Palo Alto Networks firewalls with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool. This app enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructure from both a real-time and a historical perspective. Complicated incident analysis that previously consumed days of manual and error-prone data mining can now be completed in a fraction of the time, saving manpower and freeing key enterprise security resources to focus on critical, time-sensitive investigations.

Author: Brian Torres-Gil - Palo Alto Networks

Upgrading to version 5.0.0? Use the Upgrade Guide:
http://pansplunk.readthedocs.org/en/latest/upgrade.html

Documentation:
http://pansplunk.readthedocs.org/

Installation and Setup:
http://pansplunk.readthedocs.org/en/latest/getting_started.html

Release Notes:
http://pansplunk.readthedocs.org/en/latest/release_notes.html

Support:
http://pansplunk.readthedocs.org/en/latest/support.html

Release Notes

Version: 5.2.0

* App Certified by Splunk

Note: As a certification requirement, this version drops support for Splunk 6.1 and earlier, and removes the deprecated commands (**panblock** and **panupdate**). If you are using Splunk 6.1, please upgrade Splunk to 6.2 or higher before upgrading this App. If you are using panblock or panupdate, please use pantag and panuserupdate instead before upgrading this App.

July 7, 2016, 10:58 p.m.

Platform Independent

6.4, 6.3, 6.2

Version: 5.1.0

* Datamodel updated to support new Traps 3.3.2 fields
* Endpoint Dashboard updated to support new Traps 3.3.2 fields

WARNING: Traps versions before 3.3.2 are no longer supported beginning with this App version.

April 22, 2016, 6:21 a.m.

Platform Independent

6.4, 6.3, 6.2, 6.1

Version: 5.0.1

Review the Upgrade Guide to migrate to version 5.0.x from 4.x. See the Documentation tab. 5.0.x is a major release that re-architects the Palo Alto Networks App by splitting it into an App and an Add-on. The Palo Alto Networks Add-on is included in the Palo Alto Networks App and is installed or upgraded automatically with the App.

Fixes in 5.0.1:

* Fix error when using pantag command with a single firewall
* Fix error when using pancontentpack command
* Improved searchbar command logging

Feb. 4, 2016, 12:08 a.m.

Platform Independent

6.3, 6.2, 6.1

Version: 5.0.0

Review the Upgrade Guide to migrate to version 5.0.0. See the Documentation tab. This major release re-architects the Palo Alto Networks App by splitting it into an App and an Add-on. The Palo Alto Networks Add-on is included in the Palo Alto Networks App and is installed or upgraded automatically with the App. In addition to the new Palo Alto Networks Add-on, this version also has new features:

* New SaaS dashboard with un/sanctioned SaaS detection
* CIM 4.x compliance
* Optimized datamodel for better performance and storage efficiency
* Logs are no longer required to be stored in the pan_logs index
* Auto update script for app and threat lookup tables
* New panuserupdate command for User-ID updates
* Enhanced pantag command to leverage log data for tags
* Both commands now support Panorama and VSYS targets, and are more efficient and scalable
* Better command documentation
* Changed from CC license to ISC license
* All new documentation website at http://pansplunk.readthedocs.org

Nov. 13, 2015, 6:12 p.m.

Platform Independent

6.3, 6.2, 6.1

Version: 4.2.2

- Fix drilldowns in Wildfire and Content dashboards
- Fix panel in Content dashboard to display correct data

Aug. 10, 2015, 7:43 p.m.

Platform Independent

6.3, 6.2, 6.1, 6.0

Version: 4.2.1

- Fix Wildfire Report downloader and Applipedia New App check
- Fix Wildfire Dashboard drilldowns
- Fix Threat Details Dashboard datamodel reference
- Fix Endpoint Dashboard not working on Splunk 6.0.x
- Fix inconsistent time range on Overview Dashboard
- Fix issue where Endpoint Dashboard disappears if Netflow is enabled

Feb. 10, 2015, 8:51 p.m.

Platform Independent

6.2, 6.1, 6.0

Version: 4.2

- New Palo Alto Networks [Advanced Endpoint Protection](http://media.paloaltonetworks.com/lp/traps/)
- Support for Palo Alto Networks [PAN-OS 6.1](https://www.paloaltonetworks.com/documentation/61/pan-os/newfeaturesguide.html)

Nov. 18, 2014, 7:35 a.m.

Platform Independent

6.2, 6.1, 6.0

Version: 4.1.3

- Special commands (panblock, panupdate, pantag) now available from other apps
- Fix issue with unknown lookup errors during search
- Fix issue with meta scope and global namespace

Oct. 16, 2014, 5:44 p.m.

Platform Independent

6.2, 6.1, 6.0

Version: 4.1.2

- Fix some Threat dashboard drilldowns
- Fix scope of CIM fields to remove conflict with some apps
- Remove macros from datamodel that were causing slower acceleration

Note: changes to the datamodel in this version may require the acceleration index to be rebuilt before data will show up in the dashboards.

Oct. 10, 2014, 9:09 p.m.

Platform Independent

6.1, 6.0

Version: 4.1.1

- Handle new fields in latest PAN-OS syslogs and WildFire reports
- Significant improvements to indexing efficiency
- Improved handling of Dynamic Address Group tagging
- Improvements and minor updates for Splunk 6.1.x
- Fix minor dashboard issues
- Fix minor field parsing issue

May 22, 2014, 3:56 a.m.

Platform Independent

6.1, 6.0

Version: 4.1

If upgrading from a previous version, please read the __Upgrade Notes__ in the documentation.

- PAN-OS Data model including acceleration
- Data model accelerated dashboards (replaces TSIDX-based dashboards)
- New command: `pantag` - tag IP addresses on the firewall into Dynamic Address Groups
- IP Classification - add metadata to your CIDR blocks, classifying them as internet/external/dmz/datacenter/etc.
- Applipedia change notifications and highlighting - know when Palo Alto Networks releases new application signatures and if those applications are on your network

April 2, 2014, 7:06 p.m.

Platform Independent

6.0

Version: 4.0.2

- Fix: Overview dashboard optimizations
- Fix: Top Applications panel would sometimes show error
- Fix: Traffic dashboard form filter works

March 27, 2014, 11:31 p.m.

Platform Independent

6.0

Version: 4.0.1

Version 4.0.1

- Fix: Config dashboard shows all events
- Fix: Better handling of navbar changes

Version 4.0

- Splunk 6 support
- Dashboards converted to Splunk 6 SimpleXML, meaning dashboards can now:
  - Print
  - Export as PDF
  - Produce scheduled reports
  - Use pre-populated dropdowns in filters
  - Change using SplunkWeb by editing the panels
- Maps converted to Splunk 6 built-in maps (removes dependencies on other apps)
- Updated navbar including icons and colors

Nov. 7, 2013, 11:12 p.m.

Platform Independent

6.0

Version: 4.0

- Splunk 6 support
- Dashboards converted to Splunk 6 SimpleXML, meaning dashboards can now:
  - Print
  - Export as PDF
  - Produce scheduled reports
  - Use pre-populated dropdowns in filters
  - Change using SplunkWeb by editing the panels
- Maps converted to Splunk 6 built-in maps (removes dependencies on other apps)
- Updated navbar including icons and colors

Oct. 21, 2013, 6:20 p.m.

Platform Independent

6.0

Version: 3.4

- NetFlow support using NetFlow Integrator, a 3rd party program from NetFlow Logic
- New set of dashboards, charts and graphs centered around NetFlow records from Palo Alto Networks devices
- App-ID and User-ID information is available in NetFlow records

Download a 30-day free trial of NetFlow Integrator at https://www.netflowlogic.com/downloads. Steps to configure NetFlow are available in the NetFlow section of the app documentation.

Sept. 19, 2013, 8:54 p.m.

Platform Independent

5.0

Version: 3.3.2

Version 3.3.2

- Fix: URL in WildFire dashboard corrected
- Fix: Overview dashboard colors were gray on some servers, set back to white
- Fix: Corrected description fields in commands.conf that resulted in log errors
- Fix: Corrected sourcetype in inputs.conf.sample

Version 3.3.1

- Fix: App setup screen allows blank values
- Fix: Several GUI fixes and enhancements

Version 3.3

- Malware analysis reports from the WildFire Cloud are dynamically downloaded and indexed when a WildFire log is received from a firewall.
- WildFire dashboard
- Recent WildFire events
- Graphs of WildFire statistical data
- Detect compromised hosts using malware behavior to traffic log correlation

Sept. 12, 2013, 6:18 p.m.

Platform Independent

5.0

Version: 3.3.1

- Fix: App setup screen allows blank values
- Fix: Several GUI fixes and enhancements

And features from version 3.3:

- Malware analysis reports from the WildFire Cloud are dynamically downloaded and indexed when a WildFire log is received from a firewall.
- WildFire dashboard
- Recent WildFire events
- Graphs of WildFire statistical data
- Detect compromised hosts using malware behavior to traffic log correlation

Note: Malware analysis report retrieval requires a WildFire API Key from https://wildfire.paloaltonetworks.com

July 27, 2013, 7:48 p.m.

Platform Independent

5.0

Version: 3.3

- Malware analysis reports from the WildFire Cloud are dynamically downloaded and indexed when a WildFire log is received from a firewall.
- WildFire dashboard
- Recent WildFire events
- Graphs of WildFire statistical data
- Detect compromised hosts using malware behavior to traffic log correlation

Note: Malware analysis report retrieval requires a WildFire API Key from https://wildfire.paloaltonetworks.com

July 22, 2013, 10:28 p.m.

Platform Independent

5.0

Version: 3.2.1

Bug Fixes:

- savedsearches.conf: changed hard-coded index=pan_logs to `pan_index` in scheduled searches. Thanks to Genti Zaimi for finding the issue and providing the fix.
- pan_overview_switcher_maps.xml: modified geoip search to include localop to force the search to run on the search head. Thanks to Genti Zaimi for identifying the problem and providing the fix.

June 7, 2013, 8:44 p.m.

Platform Independent

5.0

Version: 3.2

- Major improvements on drilldowns in charts. Greets to Joel Bennett.
- Added a setup.xml for Palo Alto device credentials.
- Bug Fix: panupdate custom command; removed hardcoded IP for Panorama. Greets to Jeff Hillon and Palo Alto Networks teams for identifying this issue and helping to test the fix.

May 9, 2013, 4:39 p.m.

Platform Independent

5.0

Version: 3.0

- Completely redone searches for views and dashboards
- Significant performance improvements for dashboards and views
- A new Threat Detail Dashboard
- Threat Overview fields auto-update filter and auto-redirect to Threat Detail
- panblock: Custom Command to add/remove host/address objects from the PAN firewall
- panupdate: Custom Command to add User-ID and IP mapping in PAN
- Removed summary indexing
- Overview page runs on base index
- Pan Log sourcetype now visible in web UI for adding new inputs
- Added new app icon
- Remove submit button from web usage report page
- Main landing page runs on pan_index macro

Known Issues

- Drill down from charts goes to a table view and not flashtimeline view

Feb. 24, 2013, 8:34 a.m.

Platform Independent

5.0

Version: 3.0 Beta

- Completely redone searches for views and dashboards
- Significant performance improvements for dashboards and views
- A new Threat Detail Dashboard
- Threat Overview fields auto-update filter and auto-redirect to Threat Detail
- Custom Command to add/remove host/address objects from the PAN firewall
- Removed summary indexing
- Overview page runs on base index
- Pan Log sourcetype now visible in web UI for adding new inputs
- Added new app icon
- Remove submit button from web usage report page
- Main landing page runs on pan_index macro

Feb. 13, 2013, 9:03 a.m.

Platform Independent

5.0

Version: 2.5

- Fixed: Web dashboard doesn't render
- Fixed: pan_traffic macro doesn't produce results
- Fixed: TRANSFORM- to TRANSFORMS- in props.conf
- Fixed: Ingress/Egress interface labeling errors
- Fixed: Sometimes the main dashboard's single value font matches background
- Request: Make app installable via the web UI
- Request: Change macro definitions to include base index other than pan_logs
- Request: Allow for custom index to be inherited automatically. Works on all views except for the landing page
- Request: Disable summary indexing
- Request: Add a README file to the app

Dec. 20, 2012, 9:20 a.m.

Platform Independent

5.0

Version: 2.3

App is now CIM compliant. Many thanks to Jim Hansen for this effort.

Sept. 7, 2012, 7:41 p.m.

Platform Independent

5.0

Version: 2.2.1

Updated timestamp extraction. Updated sourcetyping to accommodate PA-2050 threat events (thanks to Andy Stovall for highlighting this).

Aug. 10, 2012, 1:10 a.m.

Platform Independent

5.0

Version: 2.2

- FIXED: dangling MAX_TIMESTAMP_LOOKAHEAD in props.conf causing app conflict (Thanks to Tat-Wee Kan for bringing this up)
- FIXED: traffic search in traffic_overview dashboard to include 'Action' as a parameter
- Added: default indexes.conf

July 4, 2012, 9:35 p.m.

Platform Independent

5.0

Version: 2.0.1

- Removed inputs.conf from local
- Added Screenshot.jpg
- Updated README instructions for adding inputs

June 6, 2012, 5:41 a.m.

Platform Independent

5.0

Version: 2.0

- Updated install instructions. Please see README for installation instructions and dependencies
- All fields specified in the Palo Alto Networks log specification have been extracted.
- Dashboards have been enhanced.
- Added filters for views, including: user, vsys and admin
- Summary indexed dashboards with drill down
- Added multiple new dashboards, including: URL Filtering, Data Filtering and Content Filtering.
- Updated the threat list and app lists
- Capability to use online (Google) or offline (ammap) maps.
- App is HTML 5 compliant. It has been tested to run successfully on iPads and Android phones.

June 4, 2012, 6:17 p.m.

Platform Independent

5.0

Version: 1.2.0

- App now works with 4.2.x
- Updated lookups (app_list.csv and threat_list.csv)
- Added print option for User Web Activity

June 2, 2011, 3:35 a.m.

Platform Independent

5.0

Version: 1.0.2

- Added additional steps to README.txt.
- Typo fixes.

Feb. 16, 2011, 9:42 p.m.

Platform Independent

5.0

Version: 1.0.1

Feb. 15, 2011, 12:47 a.m.

Platform Independent

5.0

Installs: 1,716
Downloads: 24,779
Version: 5.2.0
Category: IT Operations; Security, Fraud & Compliance
Product Support: Splunk Enterprise
Content Type: App
Splunk Versions: 6.4, 6.3, 6.2
Licensing: ISC License
Platforms: Platform Independent
Built by: Brian Torres-Gil

© 2005-2016 Splunk Inc. All rights reserved.