Hi, everyone
I have been working with Palo Alto and Filebeat over several days. I have looked on Elastic documentation that it currently supports messages of Traffic and Threat types.
Is it considered to parsing User-ID type ? I would like to get it because it provides information about login and logouts of usernames.
Thanks in advance,
Rodrigo
Hi!
You can find the fields that this module populates/handles at Palo Alto Networks module | Filebeat Reference [7.12] | Elastic and panw fields | Filebeat Reference [7.12] | Elastic.
If you think the information you are interested into is not included in the supported fields right now please go ahead and open a Github issue for the team to request adding it.
C.
Hello @RdrgPorto and @ChrsMark ,
We too are very much interested in extending / improving the Palo Alto datasets... Not only for userid, but also for globalprotect and system logs.
Another important question I've been asking is when we can expect the panw module to go out of beta? The module is imho our most important dataset and it has been in beta since the beginning. I also created multiple issue with the existing threat and traffic data
Please please dedicate some resources into the panw module, so that it finally becomes a supported and trusted dataset which covers all panw event types.
Best regards,
Willem
Thank you all!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
,