[panw] Allow / to be optional in url (elastic#9688)

milan-elastic · Apr 24, 2024 · 122c0a1 · 122c0a1
1 parent 2729329
commit 122c0a1
Show file tree

Hide file tree

Showing 7 changed files with 1,066 additions and 18 deletions.
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.24.4"
+  changes:
+    - description: Make / in url optional
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9688
 - version: "3.24.3"
   changes:
     - description: Allow apostrophes in usernames

diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log
@@ -196,3 +196,9 @@ Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/1
 Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,x-fwd-for: 10.10.10.50,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,
 Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_domainname\\src-user#name,dst_domainname\\dst-user#name,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,
 Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_domain..name\\src-user#name,dst_domain..name\\dst-user#name,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,"consent.cmp.oath.com/",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,
+Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,"keyvalueservice.icloud.com",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," CUC_Apple,online-storage-and-backup,low-risk",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,_reportid
+Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,"keyvalueservice.icloud.com?q=30",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," CUC_Apple,online-storage-and-backup,low-risk",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,_reportid
+Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,"keyvalueservice.icloud.com:443?q=30",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," CUC_Apple,online-storage-and-backup,low-risk",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,_reportid
+Apr 9 16:57:37 PA5250 1,2024/04/09 11:00:29,123456789012,THREAT,url,2561,2024/04/09 11:00:29,10.154.247.224,192.168.4.4,192.168.72.187,192.168.4.4,A_ANY_L7A_surf-Good internet appl PUBNET-Open Internet,,,ssl,vsys1,Open Internet,Internet-PUBNET,ae1.898,ethernet1/16.451,Panorama-Elastic,2024/04/09 11:00:29,2552174,1,57241,443,6226,443,0x403400,tcp,block-url,"dns.google",(9999),encrypted-dns,informational,client-to-server,7341108846081879882,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,"encrypted-dns,computer-and-internet-info,low-risk",f27e631a-d0b9-4d01-bdfa-e955076d9a21,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T11:00:29.812+02:00,,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,_reportid
+Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,url,2561,2024/04/09 20:43:29,192.168.72.187,192.168.110.104,0.0.0.0,0.0.0.0,A_SRC_ANY_DMZ-Public-to-Internet,,,google-base,vsys1,Internet,Internet,ethernet1/15.451,ae2.497,Panorama-Elastic,2024/04/09 20:43:29,3853754,1,12235,80,0,0,0xb000,tcp,alert,"www.google.com/",(9999),search-engines,informational,client-to-server,7341108846134004297,0x8000000000000000,Belgium,United States,,text/html,0,,,1,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," CUC_OCP4_worker-nodes,search-engines,low-risk",a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:30.719+02:00,,,,internet-utility,general-internet,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,google-base,no,no,_reportid
+Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,url,2561,2024/04/09 20:43:29,192.168.72.187,192.168.110.104,0.0.0.0,0.0.0.0,A_SRC_ANY_DMZ-Public-to-Internet,,,google-base,vsys1,Internet,Internet,ethernet1/15.451,ae2.497,Panorama-Elastic,2024/04/09 20:43:29,3853754,1,12235,80,0,0,0xb000,tcp,alert,"www.google.com:80/",(9999),search-engines,informational,client-to-server,7341108846134004297,0x8000000000000000,Belgium,United States,,text/html,0,,,1,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," CUC_OCP4_worker-nodes,search-engines,low-risk",a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:30.719+02:00,,,,internet-utility,general-internet,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,google-base,no,no,_reportid