{"name":"Palo Alto Networks - Firewall - Threat and system pack","description":"Graylog content pack for Palo Alto firewalls. This content pack contains: Input, Stream, extractors for THREAT and SYSTEM category logs, dashboards for threats and URL filtering.\n","category":"PaloAlto, Firewalls","inputs":[{"id":"5b0d50390136b11c8642ed44","title":"PaloAlto-Firewall-Syslog","configuration":{"expand_structured_data":false,"recv_buffer_size":262144,"port":5145,"override_source":null,"force_rdns":false,"allow_override_date":true,"bind_address":"0.0.0.0","store_full_message":false},"static_fields":{},"type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput","global":true,"extractors":[{"title":"System - Serial Number","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"serial_number","source_field":"message","configuration":{"index":3,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":2},{"title":"System - Receive Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"receive_time","source_field":"message","configuration":{"index":2,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":1},{"title":"System - Content/Threat Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"content/threat_type","source_field":"message","configuration":{"index":5,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":4},{"title":"System - Event ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"event_id","source_field":"message","configuration":{"index":9,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":8},{"title":"System - Virtual 
System","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"virtual_system","source_field":"message","configuration":{"index":8,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":7},{"title":"System - Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"type","source_field":"message","configuration":{"index":4,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":3},{"title":"System - Severity","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"severity","source_field":"message","configuration":{"index":14,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":13},{"title":"System - Generated Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"generated_time","source_field":"message","configuration":{"index":7,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":6},{"title":"System - Object","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"object","source_field":"message","configuration":{"index":10,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":9},{"title":"System - Module","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"module","source_field":"message","configuration":{"index":13,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":12},{"title":"System - Sequence Number","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"sequence_number","source_field":"message","configuration":{"index":16,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":15},{"title":"System - Device Group Hierarchy Level 
1","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_1","source_field":"message","configuration":{"index":18,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":17},{"title":"System - Action Flags","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"action_flags","source_field":"message","configuration":{"index":17,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":16},{"title":"System - Device Group Hierarchy Level 2","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_2","source_field":"message","configuration":{"index":19,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":18},{"title":"System - Device Group Hierarchy Level 3","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_3","source_field":"message","configuration":{"index":20,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":19},{"title":"System - Description","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"description","source_field":"message","configuration":{"index":15,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":14},{"title":"System - Device Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_name","source_field":"message","configuration":{"index":23,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":22},{"title":"System - Device Group Hierarchy Level 4","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_4","source_field":"message","configuration":{"index":21,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":20},{"title":"System - Virtual System 
Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"virtual_system_name","source_field":"message","configuration":{"index":22,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"SYSTEM","order":21},{"title":"Threat - Serial Number","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"serial_number","source_field":"message","configuration":{"index":3,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":2},{"title":"Threat - Receive Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"receive_time","source_field":"message","configuration":{"index":2,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":1},{"title":"Threat - Destination IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_ip","source_field":"message","configuration":{"index":9,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":8},{"title":"Threat - Source IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_ip","source_field":"message","configuration":{"index":8,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":7},{"title":"Threat - Generated Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"generated_time","source_field":"message","configuration":{"index":7,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":6},{"title":"Threat - Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"type","source_field":"message","configuration":{"index":4,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":3},{"title":"Threat - Threat or Content 
Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_or_content_type","source_field":"message","configuration":{"index":5,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":4},{"title":"Threat - NAT Source IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"nat_source_ip","source_field":"message","configuration":{"index":10,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":9},{"title":"Threat - NAT Destination IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"nat_destination_ip","source_field":"message","configuration":{"index":11,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":10},{"title":"Threat - Rule Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"rule_name","source_field":"message","configuration":{"index":12,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":11},{"title":"Threat - Source User","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_user","source_field":"message","configuration":{"index":13,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":12},{"title":"Threat - Destination User","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_user","source_field":"message","configuration":{"index":14,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":13},{"title":"Threat - Application","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"application","source_field":"message","configuration":{"index":15,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":14},{"title":"Threat - Virtual 
System","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"virtual_system","source_field":"message","configuration":{"index":16,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":15},{"title":"Threat - Inbound Interface","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"inbound_interface","source_field":"message","configuration":{"index":19,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":18},{"title":"Threat - Destination Zone","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_zone","source_field":"message","configuration":{"index":18,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":17},{"title":"Threat - Outbound Interface","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"outbound_interface","source_field":"message","configuration":{"index":20,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":19},{"title":"Threat - Log Action","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"log_action","source_field":"message","configuration":{"index":21,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":20},{"title":"Threat - Session ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_id","source_field":"message","configuration":{"index":23,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":22},{"title":"Threat - Source Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_port","source_field":"message","configuration":{"index":25,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":24},{"title":"Threat - Repeat 
Count","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"repeat_count","source_field":"message","configuration":{"index":24,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":23},{"title":"Threat - Destination Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_port","source_field":"message","configuration":{"index":26,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":25},{"title":"Threat - NAT Source Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"nat_source_port","source_field":"message","configuration":{"index":27,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":26},{"title":"Threat - NAT Destination Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"nat_destination_port","source_field":"message","configuration":{"index":28,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":27},{"title":"Threat - Flags","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"flags","source_field":"message","configuration":{"index":29,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":28},{"title":"Threat - Protocol","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"protocol","source_field":"message","configuration":{"index":30,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":29},{"title":"Threat - Action","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"action","source_field":"message","configuration":{"index":31,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":30},{"title":"Threat - URL or 
Filename","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"url_or_filename","source_field":"message","configuration":{"index":32,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":31},{"title":"Threat - Category","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"category","source_field":"message","configuration":{"index":34,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":33},{"title":"Threat - Threat ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_id","source_field":"message","configuration":{"index":33,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":32},{"title":"Threat - Severity","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"severity","source_field":"message","configuration":{"index":35,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":34},{"title":"Threat - Direction","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"direction","source_field":"message","configuration":{"index":36,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":35},{"title":"Threat - Sequence Number","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"sequence_number","source_field":"message","configuration":{"index":37,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":36},{"title":"Threat - Action Flags","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"action_flags","source_field":"message","configuration":{"index":38,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":37},{"title":"Threat - Source 
Location","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_location","source_field":"message","configuration":{"index":39,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":38},{"title":"Threat - Content Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"content_type","source_field":"message","configuration":{"index":42,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":41},{"title":"Threat - PCAP_ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"pcap_id","source_field":"message","configuration":{"index":43,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":42},{"title":"Threat - Destination Location","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_location","source_field":"message","configuration":{"index":40,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":39},{"title":"Threat - File Digest","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"file_digest","source_field":"message","configuration":{"index":44,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":43},{"title":"Threat - Cloud","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"cloud","source_field":"message","configuration":{"index":45,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":44},{"title":"Threat - URL Index","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"url_index","source_field":"message","configuration":{"index":46,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":45},{"title":"Threat - User 
Agent","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"user_agent","source_field":"message","configuration":{"index":47,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":46},{"title":"Threat - File Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"file_type","source_field":"message","configuration":{"index":48,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":47},{"title":"Threat - Referer","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"referer","source_field":"message","configuration":{"index":50,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":49},{"title":"Threat - X-Forwarded-For","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"x-forwarded-for","source_field":"message","configuration":{"index":49,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":48},{"title":"Threat - Sender","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"sender","source_field":"message","configuration":{"index":51,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":50},{"title":"Threat - Subject","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"subject","source_field":"message","configuration":{"index":52,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":51},{"title":"Threat - Device Group Hierarchy Level 1","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_1","source_field":"message","configuration":{"index":55,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":54},{"title":"Threat - Report 
ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"report_id","source_field":"message","configuration":{"index":54,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":53},{"title":"Threat - Recipient","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"recipient","source_field":"message","configuration":{"index":53,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":52},{"title":"Threat - Device Group Hierarchy Level 2","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_2","source_field":"message","configuration":{"index":56,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":55},{"title":"Threat - Device Group Hierarchy Level 4","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_4","source_field":"message","configuration":{"index":58,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":57},{"title":"Threat - Device Group Hierarchy Level 3","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_group_hierarchy_level_3","source_field":"message","configuration":{"index":57,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":56},{"title":"Threat - Virtual System Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"virtual_system_name","source_field":"message","configuration":{"index":59,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":58},{"title":"Threat - Device Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"device_name","source_field":"message","configuration":{"index":60,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":59},{"title":"Threat - HTTP 
Method","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"http_method","source_field":"message","configuration":{"index":64,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":63},{"title":"Threat - Source VM UUID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_vm_uuid","source_field":"message","configuration":{"index":62,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":61},{"title":"Threat - Destination VM UUID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_vm_uuid","source_field":"message","configuration":{"index":63,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":62},{"title":"Threat - Tunnel ID or IMSI","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"tunnel_id_or_imsi","source_field":"message","configuration":{"index":65,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":64},{"title":"Threat - Parent Session ID","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"parent_session_id","source_field":"message","configuration":{"index":67,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":66},{"title":"Threat - Monitor Tag or IMEI","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"monitor_tag_or_imei","source_field":"message","configuration":{"index":66,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":65},{"title":"Threat - Parent Start Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"parent_start_time","source_field":"message","configuration":{"index":68,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":67},{"title":"Threat - Tunnel 
Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"tunnel_type","source_field":"message","configuration":{"index":69,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":68},{"title":"Threat - Source Zone","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_zone","source_field":"message","configuration":{"index":17,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":16},{"title":"Threat - Threat Category","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_category","source_field":"message","configuration":{"index":70,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":69},{"title":"Threat - Content Version","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"content_version","source_field":"message","configuration":{"index":71,"split_by":","},"converters":[],"condition_type":"STRING","condition_value":"THREAT","order":70}]}],"streams":[{"id":"5a8ebacc43818f204d033847","title":"Palo Alto devices","description":"Palo Alto Networks logging","disabled":false,"matching_type":"AND","stream_rules":[{"type":"EXACT","field":"gl2_source_input","value":"5b0d50390136b11c8642ed44","inverted":false,"description":"PAN stream match."}],"outputs":[],"default_stream":false}],"outputs":[],"dashboards":[{"title":"Palo Alto - Firewall - URL Filtering Summary (24h)","description":"PAN URL Filtering Summary ","dashboard_widgets":[{"description":"Blocked Requests","type":"SEARCH_RESULT_CHART","cache_time":60,"configuration":{"timerange":{"type":"relative","range":86400},"interval":"minute","query":"Type:THREAT AND Subtype:url AND NOT (Action:alert OR Action:allow)"},"col":1,"row":5,"height":1,"width":2},{"description":"Allowed 
Requests","type":"SEARCH_RESULT_COUNT","cache_time":60,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":false,"trend":false,"query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)"},"col":4,"row":1,"height":1,"width":1},{"description":"Blocked Requests","type":"SEARCH_RESULT_COUNT","cache_time":60,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":false,"trend":false,"query":"type:THREAT AND threat_or_content_type:url AND NOT (action:alert OR action:allow)"},"col":4,"row":5,"height":1,"width":1},{"description":"Allowed by category","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"category","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":1,"height":3,"width":1},{"description":"Allowed by source IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"source_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":2,"height":3,"width":1},{"description":"Allowed by user","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"source_user","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":2,"height":3,"width":1},{"description":"Allowed by 
URL","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"url_or_filename","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":2,"height":3,"width":1},{"description":"Allowed requests","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"interval":"week","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND (action:alert OR action:allow)"},"col":1,"row":1,"height":1,"width":2},{"description":"Blocked by URL","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"url_or_filename","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND NOT (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":6,"height":3,"width":1},{"description":"Blocked by user","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"source_user","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND NOT (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":6,"height":3,"width":1},{"description":"Blocked by category","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"category","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND NOT (action:alert OR 
action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":4,"height":3,"width":1},{"description":"Blocked by source IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":2592000},"field":"source_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND threat_or_content_type:url AND NOT (action:alert OR action:allow)","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":6,"height":3,"width":1}]},{"title":"Palo Alto - Firewall - Threat Summary - High & Critical (24h)","description":"PAN Threat Summary - High & Critical","dashboard_widgets":[{"description":"Critical & High Threats","type":"SEARCH_RESULT_COUNT","cache_time":60,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":true,"trend":true,"query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file"},"col":4,"row":1,"height":1,"width":1},{"description":"By severity","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"severity","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":2,"height":3,"width":1},{"description":"By threat ID","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"threat_id","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT 
threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":1,"height":3,"width":1},{"description":"By destination IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"destination_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":3,"height":3,"width":1},{"description":"By source IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"source_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":3,"height":3,"width":1},{"description":"By ingress","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"inbound_interface","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":6,"height":3,"width":1},{"description":"By egress","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"outbound_interface","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT 
threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":6,"height":3,"width":1},{"description":"By application","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"application","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":4,"height":3,"width":1},{"description":"By action","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"action","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":5,"height":3,"width":1},{"description":"Critical & High Threats","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"interval":"hour","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:high OR severity:critical) AND NOT threat_or_content_type:file"},"col":1,"row":1,"height":1,"width":2}]},{"title":"Palo Alto - Firewall - Warnings & errors","description":"Summary of warnings and errors on Palo Alto firewalls","dashboard_widgets":[{"description":"Top errors","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"Description","stream_id":"5a8ebacc43818f204d033847","query":"level:[1 TO 
3]","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":2,"height":3,"width":1},{"description":"Top warnings","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"Description","stream_id":"5a8ebacc43818f204d033847","query":"level:[4 TO *]","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":2,"height":3,"width":1},{"description":"Total warnings","type":"STREAM_SEARCH_RESULT_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":true,"stream_id":"5a8ebacc43818f204d033847","trend":true,"query":"level:4"},"col":3,"row":2,"height":1,"width":1},{"description":"Warnings by time of day","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"interval":"hour","stream_id":"5a8ebacc43818f204d033847","query":"level:[4 TO *]"},"col":3,"row":1,"height":1,"width":2},{"description":"Errors by time of day","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"interval":"hour","stream_id":"5a8ebacc43818f204d033847","query":"level:[1 TO 3]"},"col":1,"row":1,"height":1,"width":2},{"description":"Total errors","type":"STREAM_SEARCH_RESULT_COUNT","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":true,"stream_id":"5a8ebacc43818f204d033847","trend":true,"query":"level:[1 TO 3]"},"col":1,"row":2,"height":1,"width":1}]},{"title":"Palo Alto - Firewall - Threat Summary","description":"PAN Threat Summary","dashboard_widgets":[{"description":"Threats","type":"SEARCH_RESULT_COUNT","cache_time":60,"configuration":{"timerange":{"type":"relative","range":86400},"lower_is_better":true,"trend":true,"query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR 
severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file"},"col":4,"row":1,"height":1,"width":1},{"description":"By threat ID","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"threat_id","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":1,"height":3,"width":1},{"description":"By destination IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"destination_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":3,"height":3,"width":1},{"description":"By source IP","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"source_ip","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":3,"height":3,"width":1},{"description":"By severity","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"severity","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND 
(severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":2,"height":3,"width":1},{"description":"By action","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"action","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":4,"row":5,"height":3,"width":1},{"description":"By application","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"application","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":3,"row":4,"height":3,"width":1},{"description":"By egress","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"outbound_interface","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":2,"row":6,"height":3,"width":1},{"description":"By 
ingress","type":"QUICKVALUES","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"field":"inbound_interface","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file","show_data_table":true,"limit":5,"show_pie_chart":true,"sort_order":"desc","stacked_fields":"","data_table_limit":50},"col":1,"row":6,"height":3,"width":1},{"description":"Threats","type":"SEARCH_RESULT_CHART","cache_time":10,"configuration":{"timerange":{"type":"relative","range":86400},"interval":"hour","stream_id":"5a8ebacc43818f204d033847","query":"type:THREAT AND NOT threat_id:\\(9999\\) AND (severity:informational OR severity:low OR severity:medium OR severity:high OR severity:critical) AND NOT threat_or_content_type:file"},"col":1,"row":1,"height":1,"width":2}]}],"grok_patterns":[],"lookup_tables":[],"lookup_caches":[],"lookup_data_adapters":[]}