Replies: 2 comments
-
Hi iivvss, Did you get any feedback about this? Best Regards.
-
Hi Team, I'm having this same issue. Splunk is fantastic for correlating data. To correlate with XDR, we must have the get_incident_extra_data to pull information. I have a ticket open with Palo Alto proper and they referred me here.
-
Hi Team,
We are using the Palo Alto Networks Add-on for Splunk and it's working fine. We are also pulling the Cortex XDR incidents through API. The incidents hold a fair amount of data but we miss some fields that would be available using the get_incident_extra_data API method.
I saw something was implemented in the input_module_cortex_xdr.py but the function calls are commented:
As I am using Splunk Cloud, I don't have access to the .py files and can't uncomment this. Do you plan to release a way to enable / disable this through the add-on configuration menu?
Kind regards,
Yves