This repository has been archived by the owner on Aug 8, 2020. It is now read-only.

Releases: PaloAltoNetworks/Splunk_TA_paloalto

3.7.1

16 Nov 23:53
  • Changes made to meet new certification requirements

3.7.0

05 Oct 01:11
  • Integration with new Splunk Adaptive Response
  • Tag to dynamic address group using modular actions and Adaptive Response
  • Submit URLs from any log in Splunk to WildFire
  • Logs with malware hashes have a new event action that links directly to that hash in AutoFocus
  • Improved tagging for Splunk Enterprise Security, based on customer feedback
  • New parser for GlobalProtect logs

Important Add-on Upgrade Notes

  • Eventtype pan_threat no longer includes these log_subtypes: url, data, file, and wildfire.
    You might need to update custom searches or panels you created that leverage
    the pan_threat eventtype. There are new eventtypes for each of the removed log_subtypes:
    pan_url, pan_data, pan_file, and pan_wildfire.

3.6.1

07 Jul 22:53
  • Certified by Splunk
  • Add logo files for Splunkbase

3.6.0

22 Apr 06:08
  • Support new Traps 3.3.2 log format

WARNING: Traps versions before 3.3.2 are no longer supported beginning with this Add-on version

3.5.2

03 Feb 23:53
  • Fix issue where endpoint logs would show up in CIM apps, but not Palo Alto Networks app

3.5.1

03 Feb 23:53
  • Add support for PAN-OS 7.0 new fields
  • Add hip-match log type from Firewall and Panorama
  • Add sourcetype category
  • Add Sanctioned SaaS lookup table (see Un/Sanctioned SaaS Detection)
  • Update app_list.csv and threat_list.csv lookup tables with new format and data
  • Fix incorrect value in report_id field for WildFire logs in PAN-OS 6.1 or higher
  • Fix src_category field, which should be dest_category