Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to create a report that includes only SSL decrypted traffic - Knowledge Base - Palo Alto Networks

How to create a report that includes only SSL decrypted traffic

0
Created On 09/25/18 19:30 PM - Last Modified 07/19/22 23:11 PM


Resolution


To create a report that includes only SSL decrypted traffic follow the steps below:

 

Steps

  1. Go to Monitor > Manage Custom Reports and click Add
  2. Enter the name of the report in Name field and select Database Detailed logs (Slower) Traffic
  3. Select the desired Time Frame
  4. Select Sort By and Group By as determined
  5. In selected columns add Source Address, Destination Address, Flags, and Session ID
  6. Create a specific query in order to filter the output
    1. Under the Attribute column select Flags
    2. Under the Operator column select has
    3. Under the Value column select SSL proxy
    4. Click Add
  7. Click OK and commit this configuration
  8. Open the custom report and select the option Run Now
    Capture.PNG

Note: If you would like to use this report as a scheduled report, you need to make sure that the Scheduled checkbox is selected.

 

See also

SSL decryption resource list

The SSL decryption resource list has a long list of articles dealing with SSL decryption only. 

 

owner: npoprzen



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZICA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail