{"name":"Palo Alto Threat Content Pack","description":"Palo Alto Threat Content Pack","category":"Firewalls","inputs":[{"id":"5bc19093aa8afc1f630cc3e6","title":"Palo Alto Threat","configuration":{"expand_structured_data":false,"recv_buffer_size":262144,"port":10002,"override_source":null,"force_rdns":false,"allow_override_date":true,"bind_address":"0.0.0.0","store_full_message":false},"static_fields":{},"type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput","global":false,"extractors":[{"title":"System - Hostname","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"hostname","source_field":"message","configuration":{"index":1,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"System - Receive Time","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"receive_time","source_field":"message","configuration":{"index":2,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"System - Serial Number","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"serial_number","source_field":"message","configuration":{"index":3,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"System - Log Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"log_type","source_field":"message","configuration":{"index":4,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"System - Threat Type","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_type","source_field":"message","configuration":{"index":5,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Source IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_src_ip","source_field":"message","configuration":{"index":8,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Destination IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_dst_ip","source_field":"message","configuration":{"index":9,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session NAT Source IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_src_nat_ip","source_field":"message","configuration":{"index":10,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session NAT Destination IP","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_dst_nat_ip","source_field":"message","configuration":{"index":11,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Firewall Rule","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"firewall_rule","source_field":"message","configuration":{"index":12,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Application","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"application","source_field":"message","configuration":{"index":15,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Source Zone","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_src_zone","source_field":"message","configuration":{"index":17,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Destination Zone","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_dst_zone","source_field":"message","configuration":{"index":18,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Ingress Interface","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"ingress_interface","source_field":"message","configuration":{"index":19,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Egress Interface","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"egress_interface","source_field":"message","configuration":{"index":20,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Source Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_src_port","source_field":"message","configuration":{"index":25,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session Destination Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_dst_port","source_field":"message","configuration":{"index":26,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session NAT Source Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_src_nat_port","source_field":"message","configuration":{"index":27,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Session NAT Destination Port","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"session_dst_nat_port","source_field":"message","configuration":{"index":28,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - IP Protocol","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"ip_protocol","source_field":"message","configuration":{"index":30,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Action","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"action","source_field":"message","configuration":{"index":31,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_name","source_field":"message","configuration":{"index":32,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Content Name","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_content_name","source_field":"message","configuration":{"index":33,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - URL/Wildfire Category","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_category","source_field":"message","configuration":{"index":34,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Severity","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_severity","source_field":"message","configuration":{"index":35,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Attack Direction","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_direction","source_field":"message","configuration":{"index":36,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Source Country","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"source_country","source_field":"message","configuration":{"index":39,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Destination Country","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"destination_country","source_field":"message","configuration":{"index":40,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0},{"title":"Threat - Signature Category","type":"SPLIT_AND_INDEX","cursor_strategy":"COPY","target_field":"threat_signature_category","source_field":"message","configuration":{"index":71,"split_by":","},"converters":[],"condition_type":"NONE","condition_value":"","order":0}]}],"streams":[{"id":"5bc190faaa8afc1f630cc45e","title":"Palo Alto Threat","description":"FIrewall Threat Messages","disabled":false,"matching_type":"AND","stream_rules":[{"type":"EXACT","field":"log_type","value":"THREAT","inverted":false,"description":""}],"outputs":[],"default_stream":false}],"outputs":[],"dashboards":[],"grok_patterns":[],"lookup_tables":[],"lookup_caches":[],"lookup_data_adapters":[]}