I have been working with Palo Alto and Filebeat for several days. I have seen in the Elastic documentation that the module currently supports messages of the Traffic and Threat types.
Is parsing the User-ID type being considered? I would like to have it because it provides information about logins and logouts of usernames.
We too are very much interested in extending / improving the Palo Alto datasets... not only for userid, but also for globalprotect and system logs.
Another important question I've been asking is when we can expect the panw module to go out of beta. The module is imho our most important dataset, and it has been in beta since the beginning. I also created multiple issues with the existing threat and traffic data.
Please, please dedicate some resources to the panw module, so that it finally becomes a supported and trusted dataset which covers all panw event types.