Apologies, need to clean up a few things in the .arb
Sorry this took so long, new .zip which will import just fine, it doesn't need to be an .arb file.
What is this? Why is there no description in this document? I'm new to Activate and need to know things like what the requirements are for installing this such as what logs need to be collected and how should assets be modeled. I have tons of Palo Alto logs. The zip doesn't even contain an .arb file!
Change the .zip ext to .arb
Thanks Mary - this is great!
I'm sorry. I still don't understand. The title of this post is:
The title of the download is:
In the download there is no arb file.
There are no words on this post at all to explain what this zip file is, how to install it, or any information period.
Victor Muska You will need to use the wiki for Activate to understand how to use a product package. They might even have some webinars or something to help you. Here is the link to the main Activate page: ArcSight Activate Framework
This is an entire framework that is layered, the Palo Alto package being one of many possible 3rd layer product packages. (The first 2 layers being the framework base and the network/perimeter L1 solution package.)
As for this particular file, I know that there is an update in progress so a new version will be released at some point. In the interim, if you would like to use the package as-is, download the .zip file and change the .zip extension to .arb and then import it.
On the Activate wiki, there is no mention of Palo Alto anywhere. This tells me it's not part of the official Activate framework. Something like TippingPoint is. There are wiki articles for how to install the TippingPoint package, then also how to enable it once it's installed. Also, why isn't this package in the areas where the other Activate packages are? This area: ArcSight Activate Framework. Is that place only the location for officially supported packages?
I didn't understand you were indicating I need to rename the downloaded file to a different extension to get this to work. That kind of thing isn't in the Activate Wiki. At the least, can you put that in the description of this? I just guessed at which filters I need to update. Because I'm new, and there's no documentation for the Palo Alto package, I can only guess that I did this right. Can you provide a list of filters that need to be updated to enable this? Such as the "All Firewall Deny Traffic" filter.
I have this installed and appreciate your work. I just wish there was better documentation for this to get me started in a successful way.
I'm guessing that your package is also the one available on the ArcSight Marketplace. Activate P-Palo Alto Networks PAN-OS | HPE Marketplace
Anyway, I was trying to figure out what to do with that zip file that I downloaded from Marketplace too when I found your comment here about changing the zip extension to an arb. I tried this and it worked and imported into my Activate stuff on ESM. Thanks for the tip!
Also...BTW...my package wasn't developed correctly using the package templates and I don't know if this was fixed by HP...I know now...mostly...how I should have done this...so fair warning.
One other thing...this was just a "first pass". It's mostly all system monitoring and not a lot of "Security Posture". That still needs to be developed.