Decryption Administration
  • Decryption Administration
  • Network Security Documentation
  • All Documentation
>
Create Decryption Reports
Focus
Download PDF
Focus
  1. Home
  2. Network Security
  4. Monitor Decryption
  5. Create Decryption Reports
Download PDF
Network Security

Create Decryption Reports

Table of Contents

Create Decryption Reports

Learn how to create and generate custom decryption reports using decryption logs and templates.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
Depending on the products you're using, you need at least one of...
If you're using a NGFW (Managed by PAN-OS or Panorama), no other requirements.
You can create custom reports for decryption events based on decryption log fields and custom templates. Select log fields to include in custom reports and select templates to refine the log query. You can schedule the reports to generate immediately (on demand) or on schedule (each night). Creating decryption reports help you “keep a pulse” on your network, validate policy rules, and decide where to focus your attention when maintaining or troubleshooting decryption activity.
For information about custom report options and considerations, see Custom Reports.
  1. Select MonitorManage Custom Reports.
  2. Add a custom report.
  3. To configure the decryption log fields to use in the custom report, select Decryption as the Database.
    The Available Columns list changes to match the columns available in the decryption log. Select and add the columns (information) that you want to include in the custom report. If you don’t want to refine the custom report any further, click OK to generate the report.
  4. Under Database, select Scheduled to run a report each night. The report is available for viewing in the Reports column on the side.
    To generate a scheduled custom report using logs stored in Strata Logging Service on the Panorama™ management server, install a Cloud Service plugin 1.8 or later release on the server.
  5. (Optional, PAN-OS 10.0 and Later) Refine the output of the report using the Query Builder or predefined templates.
    To build a query, specify the following and click Add. Repeat as needed to construct the full query.
    • Connector—Choose the connector (AND or OR) to precede the expression you are adding.
    • Negate—Select the check box to interpret the query as a negation. If, for example, you choose to match entries from the last 24 hours that originate from the untrust zone, the negate option causes a match on entries that are not from the past 24 hours and do not originate from the untrust zone.
    • Attribute—Choose a data element. The available options depend on the choice of database.
    • Operator—Choose the criterion to determine whether the attribute applies (such as =). The available options depend on the choice of database.
    • Value—Specify the attribute value to match.
    To select a template to filter the report output, click Load Template and select from the four decryption templates:
    The Query column shows the filter query that each template represents. Load the desired query and then click OK to save the custom report.
  6. To test the report settings, select Run Now. Modify the settings as required to change the information that displays.
  7. View the custom reports.
    1. Select MonitorReports.
    2. Select Custom Reports from the list of report types.
    3. Select a report to view. The reports page then displays the report for the previous day.
      To view reports for other days, select a date in the calendar below the report types. If you select a report in another section, the date selection resets to the current date.
    4. To view a report offline, export the report to PDF, CSV, or XML formats. Click Export to PDF, Export to CSV, or Export to XML, then print or save the file.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.