From df58f2b29fe421907b78dacf3a1e25880e68cada Mon Sep 17 00:00:00 2001
From: phmazzoni
Date: Thu, 27 May 2021 17:24:58 -0300
Subject: [PATCH 1/2] Disabling some field correlations

Disabling some field correlations to avoid excessive number of events
---
 objects/paloalto-threat-event/definition.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json
index 6089c25..dd48b48 100644
--- a/objects/paloalto-threat-event/definition.json
+++ b/objects/paloalto-threat-event/definition.json
@@ -2,16 +2,19 @@
 "attributes": {
 "app": {
 "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "direction": {
 "description": "The Direction of the Event.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "dport": {
 "description": "The port to which the connection headed.",
+ "disable_correlation": true,
 "misp-attribute": "counter",
 "ui-priority": 1
 },
@@ -22,16 +25,19 @@
 },
 "dstloc": {
 "description": "The Destination Location of the event.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "proto": {
 "description": "The transport protocol (e.g. tcp, udp, icmp).",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "sport": {
 "description": "The port from which the connection originated.",
+ "disable_correlation": true,
 "misp-attribute": "counter",
 "ui-priority": 1
 },
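Review bot: The template version is not bumped although this patch changes the correlation behaviour of twelve attributes; `"version": 5` appears only as unchanged context in the `@@ -76,4 +88,4 @@` hunk. MISP uses the template version to decide whether an object template has changed, so an instance that already holds version 5 would presumably keep the old definition and go on correlating these fields. This covers the additions in `@@ -2,16 +2,19 @@`, `@@ -22,16 +25,19 @@` and `@@ -42,31 +48,37 @@` alike. Suggested change alongside them: `"version": 6`.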
@@ -42,31 +48,37 @@
 },
 "srcloc": {
 "description": "The Source Location of the event.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "subtype": {
 "description": "The subtype of the Log Event.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "thr_category": {
 "description": "The Threat Category.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "threatid": {
 "description": "The Threat ID.",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 },
 "time_generated": {
 "description": "The datetime of the event.",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 1
 },
 "type": {
 "description": "The type of the Log Event",
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 1
 }
@@ -76,4 +88,4 @@
 "name": "paloalto-threat-event",
 "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
 "version": 5
-}
\ No newline at end of file
+}

From b6366988f46881dd6c316cdfd7ba0922d49f5617 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 28 May 2021 23:07:49 +0200
Subject: [PATCH 2/2] chg: [paloalto-threat-event] fix newline

---
 objects/paloalto-threat-event/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json
index dd48b48..81ab487 100644
--- a/objects/paloalto-threat-event/definition.json
+++ b/objects/paloalto-threat-event/definition.json
@@ -88,4 +88,4 @@
 "name": "paloalto-threat-event",
 "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
 "version": 5
-}
+}
\ No newline at end of file
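Review bot: In the `@@ -42,31 +48,37 @@` hunk, `"disable_correlation": true,` is added under `threatid` as well as under generic fields such as `type`, `subtype` and `time_generated`. `threatid` looks like the one attribute here that identifies a specific detection, so with correlation off MISP would no longer link threat events raised by the same signature, which is a pivot analysts may rely on. The commit message only mentions reducing the number of events, so it is not clear whether losing that link is intended. If the volume comes mainly from the generic fields, consider dropping the added line under `threatid`. Otherwise extend its description to say so, e.g. `"description": "The Threat ID (correlation disabled by design)."`.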