"Is Decrypted" shows 'yes' in the Traffic log while it shows 'no' in other log types in Panorama or Explorer App

Created On 11/04/21 00:12 AM - Last Modified 08/09/25 02:54 AM


Symptom


"Is Decrypted" in the Traffic log shows 'yes' (GUI: Monitor > Logs > Traffic).

For the same session, "Is Decrypted" in another log type, such as the threat or decryption log, shows 'no' (GUI: Monitor > Logs > Threat).

Environment


  • Panorama
  • Cortex Data Lake (CDL)
  • Explorer App


Cause


  • The threat log on the cloud firewalls carries a flag, 0x1000000, which means the session is decrypted.
  • A different flag is mapped to the "is_decrypted" value on the CDL side.
  • That flag is only populated for traffic logs, so in every other log type it is always "0", which is displayed as "no".
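
One way to avoid misreading the field when triaging exported logs, as an added example that is not part of the original article: take the decryption status of a non-traffic record from its flags value, or from the traffic log of the same session, rather than from "is_decrypted". The record layout and the field names `log_type`, `session_id` and `flags` are assumptions; only the flag value 0x1000000 and the name "is_decrypted" come from the article.

```python
# Added example. Only the flag value 0x1000000 and the name "is_decrypted"
# come from the article; the record layout and other field names are assumed.
DECRYPTED_FLAG = 0x1000000


def flag_decrypted(flags):
    """Read the decrypted bit from a flags value (int or hex string).
    Returns None when the value is missing or cannot be parsed."""
    if flags is None:
        return None
    try:
        value = flags if isinstance(flags, int) else int(str(flags), 16)
    except ValueError:
        return None
    return bool(value & DECRYPTED_FLAG)


def resolve_decrypted(records):
    """Return (log_type, session_id, decrypted, source) for each record."""
    # is_decrypted is only populated for traffic logs, so index those first.
    # Session IDs repeat over time and across devices; a real pipeline should
    # also key on the device and a time window.
    traffic = {r["session_id"]: bool(r.get("is_decrypted"))
               for r in records if r["log_type"] == "traffic"}
    results = []
    for r in records:
        sid = r["session_id"]
        if r["log_type"] == "traffic":
            verdict, source = bool(r.get("is_decrypted")), "is_decrypted"
        else:
            # Ignore is_decrypted here: it is always 0 outside traffic logs.
            verdict, source = flag_decrypted(r.get("flags")), "flags"
            if verdict is None:
                verdict = traffic.get(sid)
                source = "traffic-log" if verdict is not None else "unknown"
        results.append((r["log_type"], sid, verdict, source))
    return results


# Constructed sample records, not real log data.
SAMPLE = [
    {"log_type": "traffic", "session_id": 1001, "is_decrypted": 1},
    {"log_type": "threat", "session_id": 1001, "is_decrypted": 0, "flags": "0x1000000"},
    {"log_type": "decryption", "session_id": 1001, "is_decrypted": 0},
    {"log_type": "threat", "session_id": 2002, "is_decrypted": 0, "flags": "0x400000"},
    {"log_type": "url", "session_id": 3003, "is_decrypted": 0},
]

if __name__ == "__main__":
    for row in resolve_decrypted(SAMPLE):
        print(row)
```

A result of `None` with source `unknown` means neither a flags value nor a matching traffic log was available, which is different from a confirmed "no".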


Resolution


  1. This is the current design.
  2. If needed, contact our Sales/Account team to raise a feature request for this behavior.

