refactor: PANW change Splunk quality PR

Author: btorresgil

Splunk_TA_paloalto/default/eventtypes.conf

@@ -14,12 +14,10 @@ search = sourcetype=pan_config OR sourcetype=pan:config
 #tags = change
 
 [pan_traffic]
-search = sourcetype=pan_traffic OR sourcetype=pan:traffic OR (sourcetype=pan:firewall_cloud AND LogType="TRAFFIC") AND log_subtype != "start"
-#tags = network communicate
+search = sourcetype=pan_traffic OR sourcetype=pan:traffic OR (sourcetype=pan:firewall_cloud AND LogType="TRAFFIC")
 
 [pan_traffic_start]
 search = sourcetype=pan_traffic OR sourcetype=pan:traffic OR (sourcetype=pan:firewall_cloud AND LogType="TRAFFIC") AND log_subtype="start"
-#tags = network session start
 
 [pan_traffic_end]
 search = sourcetype=pan_traffic OR sourcetype=pan:traffic OR (sourcetype=pan:firewall_cloud AND LogType="TRAFFIC") AND log_subtype="end"

Splunk_TA_paloalto/default/props.conf

@@ -323,7 +323,6 @@ EVAL-app = "Palo Alto Networks Firewall"
 EVAL-type = "event"
 EVAL-src = coalesce(src,src_ip)
 
-LOOKUP-system_change         = system_change log_subtype,action OUTPUTNEW change_type,result,status,command,object,object_category
 
 # GlobalProtect logs introduced in PANOS 9.1
 [pan_globalprotect]
@@ -383,7 +382,6 @@ EVAL-status = if(result=="Succeeded" OR result=="Submitted", "success", null)
 # Manually set log_subtype because it isn't in the log
 EVAL-log_subtype = "config"
 LOOKUP-vendor_info_for_pan_config = pan_vendor_info_lookup sourcetype OUTPUT vendor,product,vendor_product
-LOOKUP-config_change = config_change_lookup log_subtype,configuration_path OUTPUT action,change_type,object,object_attrs,object_cateogry
 
 
 [pan:hipmatch]

Splunk_TA_paloalto/default/transforms.conf

@@ -281,8 +281,3 @@ filename = minemeld_filethreatlist.csv
 
 [minemeld_urlthreatlist]
 filename = minemeld_urlthreatlist.csv
-
-[system_change]
-filename = pan_system_change.csv
-[config_change_lookup]
-filename = pan_config_change.csv