"Report Generated" timestamp displayed in [Log Details] differ from "Generate Time" or "Receive Time" in HIP Match Log entries

• Checking the log details under GUI: Monitor > Logs > HIP Match.
• Clicking on the magnifying glass opens popup window of the latest HIP Report.
• The timestamp in "Report Generated" field in the window is different from "Generate Time" or "Receive Time" fields in HIP Match Log entries.

• Palo Alto Firewalls
• Supported PAN-OS
• GlobalProtect (GP) App
• HIP Match logs

This is due to the fact of firewall maintaining only the latest HIP Report for each user, discarding older versions.

1. The HIP Match log displays the most current HIP Report that the firewall (or GP Gateway) has on file for that specific user.
2. So the time difference seen is as expected.

• The firewall maintains only the latest HIP Report for each user, discarding older versions.
• When the GlobalProtect (GP) app generates a HIP Report, this report is sent to the firewall during its next scheduled HIP report check.
• The firewall identifies updates by comparing the hash of the new report with the hash of the currently stored report. If the hashes differ, indicating a change in the reported elements, the firewall refreshes its stored report with the new one.
• If the generated report has the same hash as the one already stored, it means there are no updates, and the firewall does not refresh its report.
• Because of this system, the "Report Generated" timestamp on the HIP Report itself often differs from the "Generate/Receive Time" found in the HIP Match log entries.