Decryption HTTPS Fields

The following table identifies the Decryption field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
HTTPS Name
Query Name
Action
Application
app
ApplicationCategory
ApplicationSubcategory
CertificateFlags
CertificateSerial
CertificateSize
CertificateVersion
ChainStatus
ApplicationCharacteristics
ClientToFirewall
CommonName
cn
CommonNameLength
ConfigVersion
ContainerID
ApplicationContainer
CountOfRepeat
Cpadding
CortexDataLakeTenantID
DestinationDeviceCategory
DestinationDeviceClass
DestinationDeviceHost
DestinationDeviceMac
DestinationDeviceModel
DestinationDeviceOS
DestinationDeviceOSFamily
DestinationDeviceOSVersion
DestinationDeviceProfile
DestinationDeviceVendor
DestinationDynamicAddressGroup
DestinationEDL
DestinationAddress
DestinationLocation
DestinationPort
DestinationUser
DestinationUserDomain
DestinationUserName
DestinationUserUUID
DestinationUUID
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
Domain
EllipticCurve
ErrorIndex
ErrorMessage
Fingerprint
FirewallToClient
FromZone
InboundInterface
InboundInterfaceDetailsPort
InboundInterfaceDetailsSlot
InboundInterfaceDetailsType
InboundInterfaceDetailsUnit
CaptivePortal
IsCertECDSA
IsCertRSA
IsCertCNTruncated
IsClienttoServer
IsContainer
IsDecryptMirror
IsDecrypted
IsDuplicateLog
IsEncrypted
LogExported
IsForwarded
IsIPV6
IsIssuerCNTruncated
IsMptcpOn
IsNAT
IsNonStandardDestinationPort
PacketCapture
IsPhishing
IsPrismaNetwork
IsPrismaUsers
IsProxy
IsReconExcluded
IsResumeSession
IsRootCNTruncated
IsSaaSApplication
IsServertoClient
IsSNITruncated
IsSourceXForwarded
IsSystemReturn
IsTransaction
IsTunnelInspected
IsURLDenied
IssuerCommonName
IssuerNameLength
LogSetting
LogSource
DeviceSN
DeviceName
LogSourceTimeZoneOffset
TimeReceived
LogType
NATDestination
NATDestinationPort
NATSource
NATSourcePort
TimeNotAfter
TimeNotBefore
OutboundInterface
OutboundInterfaceDetailsPort
OutboundInterfaceDetailsSlot
OutboundInterfaceDetailsType
OutboundInterfaceDetailsUnit
Padding
Padding3
ContainerName
ContainerNameSpace
PolicyName
Protocol
ProxyType
ApplicationRisk
RootCommonName
RootCNLength
RootStatus
Rule
RuleUUID
SanctionedStateOfApp
SequenceNo
SessionID
ServerNameIndication
sni
SNILength
SourceDeviceCategory
SourceDeviceClass
SourceDeviceHost
SourceDeviceMac
SourceDeviceModel
SourceDeviceOS
SourceDeviceOSFamily
SourceDeviceOSVersion
SourceDeviceProfile
SourceDeviceVendor
SourceDynamicAddressGroup
SourceEDL
SourceAddress
SourceLocation
SourcePort
SourceUser
SourceUserDomain
SourceUserName
SourceUserUUID
SourceUUID
SubType
ApplicationTechnology
TimeGenerated
TimeGeneratedHighResolution
TimeReceivedManagementPlane
TLSAuth
TLSEncryptionAlgorithm
TLSKeyExchange
TLSVersion
ToZone
Tpadding
Tunnel
TunneledApplication
VendorName
Vpadding
VirtualLocation
VirtualSystemID
VirtualSystemName

Recommended For You