Incorrect URL Category Displaying In Syslog


Hello,

 

Since we enabled Insufficient-content (PAN-DB) as a URL category a few weeks ago, some of these URL category logs are displaying in Syslog as an old BrightCloud category called Unconfirmed-Spam-Sources. We have not used BrightCloud for years. Looking to see if anyone has any ideas of what we can do to remedy this issue.

 

-We have attempted to clear the cache for specific URLs/IPs that are being displayed as Unconfirmed-spam-sources; this did not fix the issue.

-We confirmed that the logs under the Monitor tab in PAN are showing correctly as Insufficient-content; however, when sent through Syslog, on the syslog servers it shows Unconfirmed-Spam-Sources.

-We confirmed that our SIEM does not change the category URL fields or any fields for that matter.

-Confirmed through CLI that URL DB is set for paloaltonetworks, and not brightcloud.

-Appears to only be happening on 1 of our firewalls. All of the firewalls have an active PAN-DB license that is not expired.

-What makes this even more weird is that Unconfirmed-spam-sources is no longer a category for BrightCloud; they changed the name to SPAM URLs.

 

Thanks for any other ideas.

 

-Rags

 
