I would like to add a dynamic lookup on my splunk dashboard so that when an IP is entered it displays not only the traffic logs for the user but also the ip user mapping and any groups the user belongs to, we have the pantag and panuserupdate working but this is more of a pull from the firewall instead of push to the firewall:
**inet-fw01(active)> show user ip-user-mapping ip 10.2.2.142
IP address: 10.2.2.142 (vsys1)
User: us\myuser
From: UIA
Idle Timeout: 43017s
Max. TTL: 43017s
Groups that the user belongs to (used in policy)
Group(s): us\inet-standard-access**
↧