I am trying to create an IPv4 indicator list based on PAN-OS threat logs.
Below is the rule code attached to the syslogminer class stdlib.syslogMiner.
- type == 'THREAT'
Unfortunately all the IP addresses are withdrawn.
I think you have mixed prototype attributes and rule attributes; that's the reason the age_out policy is ignored. The following setting should be in the syslogMiner prototype:
age_out:
    default: last_seen+30d
    interval: 1800
    sudden_death: false
attributes:
    confidence: 50
    type: IPv4
config:
    share_level: green
Getting: Error validating, no "conditions" in rule
Not able to apply the rule without any conditions.
Need a rule to list and keep the IP indicators for 30 days or more.
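To make the split between prototype-level settings (age-out and indicator attributes) and the rule (which must carry a conditions list, per the validation error above) concrete, here is an added example of how the two pieces fit together. It is not code from either participant or from the MineMeld project; the age_out, attributes, share_level and conditions keys are taken from the thread, while the rule's name and indicators keys, and the placement of the rule under a rules list, are assumptions about the syslogMiner rule layout and should be checked against the installed prototype.

```yaml
# Added example (not the project's prototype file). Assumed structure: the
# node's prototype config holds age_out and attributes; each rule holds a
# conditions list and, assumed here, a name and the field(s) to extract.

# --- prototype-level settings (from the reply in the thread) ---
config:
  age_out:
    default: last_seen+30d   # keep each indicator 30 days past its last sighting
    interval: 1800           # age-out check every 30 minutes (seconds)
    sudden_death: false      # do not withdraw indicators the moment they stop appearing
  attributes:
    confidence: 50
    type: IPv4
    share_level: green

  # --- rule (the "conditions" key is required; rules without it are rejected) ---
  rules:
    - name: pan_threat_src        # assumed key: a label for the rule
      conditions:
        - type == 'THREAT'        # only match PAN-OS THREAT log entries
      indicators:                 # assumed key: log field(s) that become indicators
        - src
```

With age_out.default set at the prototype level rather than inside the rule, an IP extracted by the rule is retained until 30 days after it was last seen in a THREAT log; with sudden_death false, it is not withdrawn between feeds. The rule itself only decides which log lines contribute indicators, which is why it still needs a conditions list.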