The customer uses SpanVA datasource to receive Palo Alto log files in CSV format. The customer also has the SpanVA IP filtering option enabled. However, the traffic log is not getting processed and shows failed on the Datasource Details tab in the CloudSOC.

Currently, this affects SpanVA 1.15.3.150.0-18rc and 1.15.3.151.0-8rc

The IP Filter flag causes the SpanVA to remove some logs along with the headers of the file, but the Audit requires headers to be present, otherwise, the file will be considered an invalid file format.

The current workaround is to turn off the IP Filtering option while the CloudSOC engineering team works to resolve this issue in future SpanVA releases.