
Checking in Difference from Export from AOB
Paul Nguyen committed May 22, 2024
1 parent 1f28105 commit 9143e23
Showing 18 changed files with 72 additions and 239 deletions.
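--- a/Splunk_TA_paloalto/README.txt
+++ b/Splunk_TA_paloalto/README.txt
@@ -0,0 +1 @@
+This is an add-on powered by the Splunk Add-on Builder.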
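--- a/Splunk_TA_paloalto/VERSION
+++ b/Splunk_TA_paloalto/VERSION
@@ -0,0 +1,2 @@
+8.1.0R0fc6bef
+8.1.0R0fc6bef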
1 change: 0 additions & 1 deletion Splunk_TA_paloalto/aob_events_in_meta.json

This file was deleted.

128 changes: 53 additions & 75 deletions Splunk_TA_paloalto/app.manifest
@@ -1,78 +1,56 @@
{
"schemaVersion": "2.0.0",
"info": {
"title": "Palo Alto Networks Add-on for Splunk",
"id": {
"group": null,
"name": "Splunk_TA_paloalto",
"version": "0.0.0-develop"
"schemaVersion": "2.0.0",
"info": {
"title": "Palo Alto Networks Add-on for Splunk",
"id": {
"group": null,
"name": "Splunk_TA_paloalto",
"version": "0.0.0.develop"
},
"author": [
{
"name": "Palo Alto Networks",
"email": null,
"company": null
}
],
"releaseDate": null,
"description": "",
"classification": {
"intendedAudience": null,
"categories": [],
"developmentStatus": null
},
"commonInformationModels": null,
"license": {
"name": null,
"text": null,
"uri": null
},
"privacyPolicy": {
"name": null,
"text": null,
"uri": null
},
"releaseNotes": {
"name": null,
"text": null,
"uri": null
}
},
"author": [
{
"name": "Palo Alto Networks",
"email": "[email protected]",
"company": "Palo Alto Networks"
}
],
"releaseDate": null,
"description": "The Palo Alto Networks Add-on allows a Splunk Enterprise administrator to collect data from Palo Alto Networks Next-Generation Firewall devices, Panorama, Advanced Endpoint Protection, Aperture SaaS Security, AutoFocus Threat Intelligence, and MineMeld.",
"classification": {
"intendedAudience": "IT Professionals",
"categories": [
"IT Operations",
"Security, Fraud & Compliance"
],
"developmentStatus": "Alpha"
},
"commonInformationModels": {
"Authentication":"4.19.0",
"Alert":"4.19.0",
"Change":"4.19.0",
"Endpoint":"4.19.0",
"Network Traffic":"4.19.0",
"Malware":"4.19.0",
"Intrusion Detection":"4.19.0",
"Network Sessions":"4.19.0",
"Web":"4.19.0"
},
"license": {
"name": null,
"text": null,
"uri": null
"dependencies": {},
"tasks": [],
"inputGroups": {},
"incompatibleApps": {},
"platformRequirements": {
"splunk": {
"Enterprise": "*"
}
},
"privacyPolicy": {
"name": null,
"text": null,
"uri": null
},
"releaseNotes": {
"name": null,
"text": "./README.md",
"uri": null
}
},
"dependencies": {},
"tasks": [
"autofocus_export",
"aperture",
"minemeld_feed",
"iot_security"
],
"inputGroups": {},
"incompatibleApps": {},
"platformRequirements": {
"splunk": {
"Enterprise": "*"
}
},
"supportedDeployments": [
"_standalone",
"_distributed",
"_search_head_clustering"
],
"targetWorkloads": [
"_search_heads",
"_indexers",
"_forwarders"
]
}
"supportedDeployments": [
"*"
],
"targetWorkloads": [
"*"
]
}
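Review bot: Which copy of the manifest is the new side is not recoverable from this rendered page, but one copy (the one with `"description": ""`, `"commonInformationModels": null`, `"tasks": []`, `"supportedDeployments": ["*"]`) drops metadata the other copy carries, including the list of shipped modular inputs (`autofocus_export`, `aperture`, `minemeld_feed`, `iot_security`) and the CIM model versions. If that sparse copy is what the AOB export produced and is being checked in, the `tasks` and `commonInformationModels` entries should be restored before this lands, since Splunk packaging and AppInspect checks read them from app.manifest. The `id.version` here also disagrees with `default/app.conf` in this same commit (`0.0.0-develop` / `0.0.0.develop` vs `version = 8.1.0R0fc6bef`), and the two manifest spellings differ by a single character, which looks accidental. The manifest should carry the same version string as `[launcher]` and `[id]` in app.conf, or all of them should be generated from one source at build time.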
5 changes: 0 additions & 5 deletions Splunk_TA_paloalto/bin/lib/pan-python/.gitignore

This file was deleted.

21 changes: 0 additions & 21 deletions Splunk_TA_paloalto/bin/lib/pandevice/.editorconfig

This file was deleted.

19 changes: 0 additions & 19 deletions Splunk_TA_paloalto/bin/lib/pandevice/.flake8.ini

This file was deleted.

80 changes: 0 additions & 80 deletions Splunk_TA_paloalto/bin/lib/pandevice/.gitignore

This file was deleted.

3 changes: 0 additions & 3 deletions Splunk_TA_paloalto/bin/lib/pandevice/.hound.yml

This file was deleted.

26 changes: 0 additions & 26 deletions Splunk_TA_paloalto/bin/lib/pandevice/.travis.yml

This file was deleted.

Empty file.
13 changes: 9 additions & 4 deletions Splunk_TA_paloalto/default/app.conf
@@ -1,18 +1,18 @@
[install]
is_configured = false
state = enabled
build = 000develop0
build = 1698367618
splunk_supported = 9.0,8.2,8.1
cim_supported = 5.x,4.x

[launcher]
author = Palo Alto Networks
version = 0.0.0-develop
version = 8.1.0R0fc6bef
description = The Palo Alto Networks Add-on allows a Splunk Enterprise administrator to collect data from Palo Alto Networks Next-Generation Firewall devices, Panorama, Advanced Endpoint Protection, Aperture SaaS Security, AutoFocus Threat Intelligence, and MineMeld.

[ui]
is_visible = 1
label = Palo Alto Networks Add-on
is_visible = false
label = Palo Alto Networks Add-on for Splunk

[package]
id = Splunk_TA_paloalto
Expand All @@ -23,3 +23,8 @@ reload.addon_builder = simple
reload.splunk_ta_paloalto_account = simple
reload.splunk_ta_paloalto_settings = simple
reload.passwords = simple

[id]
version = 8.1.0R0fc6bef
name = Splunk_TA_paloalto
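Review bot: The concrete build identifier `8.1.0R0fc6bef` is now hardcoded in both `[launcher] version` and the new `[id] version` (and a third time in the VERSION file in this commit), replacing what looks like a template placeholder (`0.0.0-develop`, `build = 000develop0`); hardcoded copies drift apart unless a release step rewrites all of them together. If the placeholder was stamped at packaging time, consider keeping the placeholder in source and having the build fill every occurrence, or at least add `# must match [launcher] version and ../VERSION` above the `[id]` stanza. `build = 1698367618` looks like an epoch timestamp and will likewise need regenerating per release rather than being edited by hand. The `[package]` stanza starts at the end of the first hunk and continues outside it.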

8 changes: 4 additions & 4 deletions Splunk_TA_paloalto/default/data/ui/nav/default.xml
@@ -1,6 +1,6 @@
<nav search_view="search" color="#FFFFFF">
<view name="inputs" default="true" />
<view name="configuration"/>
<view name="health"/>
<view name="search" label="Search"/>
<view name="inputs" default="true" />
<view name="configuration"/>
<view name="health"/>
<view name="search" label="Search"/>
</nav>
4 changes: 3 additions & 1 deletion Splunk_TA_paloalto/default/props.conf
Expand Up @@ -73,7 +73,7 @@ FIELDALIAS-fwcloud_session_id = SessionID as session_id
EVAL-severity = coalesce(Severity, VendorSeverity)
FIELDALIAS-fwcloud_signature = ThreatName as signature
FIELDALIAS-fwcloud_signature_id = ThreatID as signature_id
EVAL-src = coalesce(SourceAddress, PublicIPv4)
FIELDALIAS-fwcloud_src = SourceAddress as src
FIELDALIAS-fwcloud_src_host = SourceDeviceHost as src_host
FIELDALIAS-fwcloud_src_interface = InboundInterface as src_interface
EVAL-src_ip = coalesce(SourceAddress, PublicIPv4)
Expand All @@ -98,6 +98,8 @@ FIELDALIAS-fwcloud_vsys_id = VirtualSystemID as vsys_id
FIELDALIAS-fwcloud_vsys_name = VirtualSystemName as vsys_name

LOOKUP-vendor_action = pan_vendor_action_lookup vendor_action OUTPUT action
FIELDALIAS-src_for_pan_cloud = src_ip as src
FIELDALIAS-dest_for_pan_cloud = dest_ip as dest
FIELDALIAS-dvc_for_pan_cloud = host as dvc

EVAL-dest_name = replace(dest_hostname, "^([^:/]+).*", "\1")
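Review bot: `FIELDALIAS-src_for_pan_cloud = src_ip as src` and `FIELDALIAS-dest_for_pan_cloud = dest_ip as dest` alias fields that this stanza derives with `EVAL-src_ip = coalesce(SourceAddress, PublicIPv4)` (and presumably a matching `EVAL-dest_ip`), but Splunk applies field aliases before calculated fields at search time, so unless `src_ip`/`dest_ip` are also produced by an earlier extraction these aliases have nothing to alias and `src`/`dest` will silently be missing for CIM-based detections. Whichever of `EVAL-src = coalesce(SourceAddress, PublicIPv4)` and `FIELDALIAS-fwcloud_src = SourceAddress as src` is the new line in the first hunk (the rendered page does not show the side), the EVAL form is the one that works here, and the same `EVAL-dest = coalesce(...)` pattern should replace the dest alias. The stanza header these lines belong to is above the first hunk, so this assumes both hunks sit in the same sourcetype stanza.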
Binary file modified Splunk_TA_paloalto/static/appIcon.png
Binary file modified Splunk_TA_paloalto/static/appIconAlt.png
Binary file modified Splunk_TA_paloalto/static/appIconAlt_2x.png
Binary file modified Splunk_TA_paloalto/static/appIcon_2x.png
