Since we have enabled Insufficient-content (PAN-DB) as a URL category a few weeks ago, some of these URL category logs are displaying in Syslog as an old Brightcloud category called Unconfirmed-Spam-Sources. We have not used Brightcloud for years. Looking to see if anyone has any ideas of what we can do to remedy this issue.
-We have attempted to clear the cache for specific URL/IPs that are being displayed as Unconfirmed-spam-sources, this did not fix the issue.
-We confirmed that the logs under the Monitor tab in PAN are showing correctly as Insufficient-content, however when sent through Syslog, on the syslog servers it shows Unconfirmed-Spam-Sources.
-We confirmed that our SIEM does not change the category URL fields or any fields for that matter.
-Confirmed through CLI that URL DB is set for paloaltonetworks, and not brightcloud.
-Appears to only be happening on 1 of our firewalls. All of the firewalls have an active PAN-DB license that is not expired.
-What makes this even more weird is that Unconfirmed-spam-sources is no longer a category for BrightCloud, they changed the name to SPAM URLs.
Thanks for any other ideas.