Can a port configured as "Decryption Port Mirror" capture decrypted traffic for threat/vulnerability investigation on Prisma Access?
Created On 11/03/22 13:04 PM - Last Modified 12/05/23 13:44 PM
Question
- A potential false positive Vulnerability/Antispyware signature for decrypted traffic is observed on Prisma Access.
- Is it possible to use Decryption Port Mirroring to capture packets relevant to threat/vulnerability investigation?
Environment
- Prisma Access
- Decryption Port Mirror
Answer
- Nodes in Prisma Access are all virtual machines, and Decryption Port Mirroring is not configurable. Decryption Port Mirror therefore cannot be used to capture the packets.
- Vulnerability and Antispyware false positive investigation will have to rely on extended packet captures or end-user captured traffic/reproducible steps.