Cloud NGFW for AWS Decryption Log Fields
Learn the meaning of each Cloud NGFW for AWS decryption log field.
Field Name | Description |
---|---|
Generated Time (time_generated or cef-formatted-time_generated) | Time the log was generated on the dataplane. |
Source IP Address (src_ip) | Original session source IP address. |
Source Port (sport) | Source port utilized by the session. |
Session ID (sessionid) | An internal numerical identifier applied to each session. |
Destination Address (dst_ip) | Original session destination IP address. |
Destination Port (dport) | Destination port utilized by the session. |
IP Protocol (proto) | IP protocol associated with the session. |
Application (app) | Application associated with the session. |
Rule (rule) | Security policy rule that controls the session traffic. |
Action (action) | Action taken for the session; possible values are: |
TLS Version (tls_version) | The version of TLS protocol used for the session. |
Key Exchange Algorithm (key_exchange_algorithm) | The key exchange algorithm used for the session. |
Encryption Algorithm (tls_enc) | The algorithm used to encrypt the session data, such as AES-128-CBC, AES-256-GCM, etc. |
Hash Algorithm (hash_algorithm) | The authentication algorithm used for the session, for example, SHA, SHA256, SHA384, etc. |
Elliptic Curve (elliptic_curve) | The elliptic cryptography curve that the client and server negotiate and use for connections that use ECDHE cipher suites. |
Server Name Indication (server_name_indication) | The Server Name Indication. |
Server Name Indication Length (server_name_indication_length) | The length of the Server Name Indication (hostname). |
Proxy Type (proxy_type) | The Decryption proxy type, such as Forward for Forward Proxy, Inbound for Inbound Inspection, No Decrypt for undecrypted traffic, GlobalProtect, etc. |
Chain Status (chain_status) | Whether the chain is trusted. Values are: |
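
The fields above are enough to audit sessions for weak TLS parameters and for traffic that bypassed decryption. The following is an added example, not Palo Alto Networks code: it assumes the logs have been exported as JSON lines keyed by the field names in the table, and the value spellings (such as `TLS1.0`) and the function names `audit_record` and `audit_logs` are assumptions made for illustration.

```python
import json
import re

# Constructed sample records. The JSON-lines layout and value spellings are
# assumptions; only the field names come from the table above.
SAMPLE_LOGS = """\
{"sessionid": 101, "dst_ip": "203.0.113.10", "tls_version": "TLS1.0", "tls_enc": "AES-128-CBC", "hash_algorithm": "SHA", "proxy_type": "Forward"}
{"sessionid": 102, "dst_ip": "203.0.113.11", "tls_version": "TLS1.3", "tls_enc": "AES-256-GCM", "hash_algorithm": "SHA384", "proxy_type": "Forward"}
{"sessionid": 103, "dst_ip": "203.0.113.12", "tls_version": "TLS1.2", "tls_enc": "AES-256-GCM", "hash_algorithm": "SHA256", "proxy_type": "No Decrypt"}
"""


def audit_record(rec):
    """Return a list of findings for one decryption log record (a dict)."""
    findings = []
    version = str(rec.get("tls_version", ""))
    m = re.search(r"(\d+)\.(\d+)", version)
    # SSL and TLS versions below 1.2 are deprecated (RFC 8996).
    if "SSL" in version.upper() or (m and (int(m.group(1)), int(m.group(2))) < (1, 2)):
        findings.append("deprecated protocol " + version)
    if "CBC" in str(rec.get("tls_enc", "")).upper():
        findings.append("CBC-mode cipher " + rec["tls_enc"])
    # In TLS cipher-suite naming a bare "SHA" denotes SHA-1.
    if str(rec.get("hash_algorithm", "")).upper() in ("SHA", "SHA1"):
        findings.append("weak hash " + rec["hash_algorithm"])
    # "No Decrypt" marks undecrypted traffic, so no content inspection occurred.
    if str(rec.get("proxy_type", "")).lower() == "no decrypt":
        findings.append("traffic not decrypted")
    return findings


def audit_logs(text):
    """Map sessionid -> findings for every record with at least one finding."""
    report = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        findings = audit_record(rec)
        if findings:
            report[rec.get("sessionid")] = findings
    return report


if __name__ == "__main__":
    for sid, findings in audit_logs(SAMPLE_LOGS).items():
        print(sid, "; ".join(findings))
```

Adjust the version parsing and string comparisons to the exact value spellings your log export uses before relying on the results.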