ABC: https://docs.paloaltonetworks.com/best-practices/10-1/user-id-best-practices/user-id-best-practices/user-id-best-practices-for-dynamic-user-groups Identity the user information sources for the tags: Firewall logs For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile and use the Built-In Actions. For User-ID, HIP Match, GlobalProtect, and IP-Tag logs, configure the log settings. Cortex XSOAR Security Information and Event Management Systems (SIEMS), such as Splunk Custom API scripts

https://docs.paloaltonetworks.com/best-practices/10-1/user-id-best-practices/user-id-best-practices/user-id-best-practices-for-dynamic-user-groups

Options ABC

Firewall logs: The firewall can use auto-tagging to automatically add or remove members of dynamic user groups based on events in the logs12. Custom API scripts: To dynamically register tags, you can use the XML API123. Security Information and Event Management Systems (SIEMS), such as Splunk: While not explicitly mentioned, SIEM systems could potentially interact with the Palo Alto Networks firewall via the XML API to dynamically register tags123. Therefore, the correct options from your list would be A, B, and C. Options D and E are not typically used as information sources for tagging users to dynamic user groups in Palo Alto PAN-OS

https://docs.paloaltonetworks.com/best-practices/10-1/user-id-best-practices/user-id-best-practices/user-id-best-practices-for-dynamic-user-groups

https://docs.paloaltonetworks.com/best-practices/10-1/user-id-best-practices/user-id-best-practices/user-id-best-practices-for-dynamic-user-groups

A B C logically