
[panw] Parse URL from domain_edl category threat logs #11837

Merged (3 commits) Dec 7, 2024

Conversation

mjwolf
Contributor

@mjwolf mjwolf commented Nov 22, 2024

Proposed commit message

In PAN-OS threat logs, when threat_category is 'domain_edl', the misc field will contain a URL. This change adds parsing of the URL for this case.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

Related issues

In threat logs, when threat_category is 'domain_edl', the misc field will
contain a URL. This adds parsing of the URL for this case.
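As an added worked example (not code from this PR or from the panw integration's own ingest pipeline), the conditional parsing the commit message describes, written in Python: an event whose threat_category is 'domain_edl' has its misc value split into URL components, while every other event passes through unchanged. The output field names, the handling of a scheme-less misc value and the sample events are constructed assumptions, not taken from the integration.

```python
"""Added example: parse the misc field of a PAN-OS threat log as a URL
when threat_category is 'domain_edl'. Field names and samples are constructed."""
from urllib.parse import urlsplit

DOMAIN_EDL = "domain_edl"


def parse_misc_url(event: dict) -> dict:
    """Return a copy of event with a 'url' sub-dict added when the threat
    category is domain_edl and misc holds a URL; otherwise return it unchanged."""
    out = dict(event)
    if event.get("threat_category") != DOMAIN_EDL:
        return out  # other categories: misc is a signature name, not a URL
    misc = event.get("misc")
    if not misc:
        return out  # nothing to parse; do not emit an empty url object

    # Assumption: misc may be written without a scheme ("example.test/login").
    # urlsplit would then put the host into .path, so prepend one for parsing only.
    has_scheme = "://" in misc
    parts = urlsplit(misc if has_scheme else "http://" + misc)
    if not parts.hostname:
        return out  # unparseable value: leave the event as it was

    url = {"original": misc, "domain": parts.hostname}
    if has_scheme:
        url["scheme"] = parts.scheme  # only report a scheme the log actually had
    if parts.path:
        url["path"] = parts.path
    if parts.query:
        url["query"] = parts.query
    try:
        if parts.port is not None:
            url["port"] = parts.port
    except ValueError:
        pass  # non-numeric port in the source value; keep the rest of the fields
    out["url"] = url
    return out


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"threat_category": "domain_edl", "misc": "example.test/login"},
    {"threat_category": "domain_edl", "misc": "https://blocked.example:8443/x?y=1"},
    {"threat_category": "vulnerability", "misc": "constructed signature name"},
]


def parse_all(events):
    """Apply parse_misc_url to a batch of events."""
    return [parse_misc_url(e) for e in events]


if __name__ == "__main__":
    for e in parse_all(SAMPLE_EVENTS):
        print(e)
```

The scheme is only reported when the source value carried one, so a downstream rule that keys on url.scheme is not fed a value the firewall never logged.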
@mjwolf mjwolf added the labels enhancement (New feature or request), Integration:panw (Palo Alto Next-Gen Firewall) and Team:Security-Deployment and Devices (Deployment and Devices Security team [elastic/sec-deployment-and-devices]) Nov 22, 2024
@mjwolf mjwolf requested a review from a team as a code owner November 22, 2024 21:59
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@mjwolf mjwolf enabled auto-merge (squash) November 22, 2024 21:59
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@mjwolf mjwolf merged commit 42bd8ea into elastic:main Dec 7, 2024
5 checks passed
@elasticmachine

💚 Build Succeeded

History

@elastic-vault-github-plugin-prod

Package panw - 4.2.0 containing this change is available at https://epr.elastic.co/package/panw/4.2.0/

Development

Successfully merging this pull request may close these issues.

[PANW]: Missing parsing of the suspicious domain and DNS query in the threat logs
3 participants