Palo Alto Networks Knowledgebase: How to create a report that includes only SSL decrypted traffic

Created On 02/08/19 00:01 AM - Last Updated 02/08/19 00:01 AM
Reporting and Logging
Resolution

To create a report that includes only SSL decrypted traffic, follow the steps below:

 

Steps

  1. Go to Monitor > Manage Custom Reports and click Add
  2. Enter the name of the report in the Name field and, for Database, select Traffic under Detailed Logs (Slower)
  3. Select the desired Time Frame
  4. Set Sort By and Group By as needed
  5. In Selected Columns, add Source Address, Destination Address, Flags, and Session ID
  6. Create a query to filter the output:
    1. Under the Attribute column select Flags
    2. Under the Operator column select has
    3. Under the Value column select SSL proxy
    4. Click Add
  7. Click OK and commit this configuration
  8. Open the custom report and select the option Run Now

Note: If you would like to use this report as a scheduled report, you need to make sure that the Scheduled checkbox is selected.
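
The same filter can be applied outside the GUI to exported traffic log rows. The following is an added example, not part of the original article and not Palo Alto Networks code: it assumes a CSV export whose columns are named after the report's selected columns and whose Flags values are hexadecimal, and it uses the SSL Proxy bit (0x01000000) from the PAN-OS traffic log field description. The sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Bit in the traffic-log Flags field meaning "session was decrypted (SSL Proxy)".
FLAG_SSL_PROXY = 0x01000000

# Constructed sample export. Column names mirror the report's selected
# columns (assumption); addresses are documentation ranges.
SAMPLE_CSV = """Source Address,Destination Address,Flags,Session ID
10.1.1.10,203.0.113.5,0x1400000,1001
10.1.1.11,198.51.100.7,0x400000,1002
10.1.1.10,198.51.100.9,0x1000000,1003
10.1.1.12,203.0.113.5,0x0,1004
10.1.1.11,203.0.113.8,not-a-number,1005
"""


def is_decrypted(flags_field):
    """Return True when the Flags value has the SSL Proxy bit set.

    Malformed values are treated as not decrypted so that a bad row
    never inflates the decrypted-traffic count.
    """
    try:
        return bool(int(flags_field.strip(), 16) & FLAG_SSL_PROXY)
    except ValueError:
        return False


def decrypted_sessions(csv_text):
    """Equivalent of the report query 'Flags has SSL proxy' over CSV rows."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if is_decrypted(row["Flags"])]


def count_by_source(rows):
    """Group the decrypted sessions by source address."""
    return Counter(row["Source Address"] for row in rows)


if __name__ == "__main__":
    rows = decrypted_sessions(SAMPLE_CSV)
    for row in rows:
        print(row["Session ID"], row["Source Address"],
              row["Destination Address"], row["Flags"])
    print(dict(count_by_source(rows)))
```

Rows whose Flags value carries other bits as well (for example NAT) still match, because the check tests a single bit rather than comparing the whole value.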

 

See also

SSL decryption resource list

The SSL decryption resource list has a long list of articles dealing with SSL decryption only. 

 

owner: npoprzen


