DECRYPTION logs improper sourcetype
FusionFC opened this issue · 0 comments
FusionFC commented
DECRYPTION logs should be sourcetype pan:decryption not pan:traffic
From the PA TA v7.0.4:
```ini
[pan_decryption]
DEST_KEY = MetaData:Sourcetype
REGEX = ^[^,]+,[^,]+,[^,]+,DECRYPTION,
FORMAT = sourcetype::pan:decryption
```
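As an added illustration (not part of the issue or of the TA's code), the following Python model shows how a stanza like the one above routes lines: the regex keys on the fourth comma-separated field of a PAN-OS CSV log, so the log type must sit exactly there. The sample lines, the `pan_traffic` stanza and the `pan:log` default are constructed assumptions; only the `pan_decryption` regex and sourcetype are taken from the issue.

```python
import re

# Constructed sample PAN-OS syslog lines (CSV); field 4 is the log type.
# These are made-up values, not real device output.
SAMPLE_LINES = [
    "1,2024/01/01 10:00:00,001122334455,TRAFFIC,end,2049,x",
    "1,2024/01/01 10:00:01,001122334455,DECRYPTION,x",
    "1,2024/01/01 10:00:02,001122334455,THREAT,x",
]

# Sourcetype-rewrite transforms as (stanza name, REGEX, FORMAT sourcetype).
# pan_decryption is the stanza quoted in the issue; pan_traffic is an
# assumed companion stanza used here only to show the two being told apart.
TRANSFORMS = [
    ("pan_traffic", r"^[^,]+,[^,]+,[^,]+,TRAFFIC,", "pan:traffic"),
    ("pan_decryption", r"^[^,]+,[^,]+,[^,]+,DECRYPTION,", "pan:decryption"),
]


def assign_sourcetype(line, default="pan:log", transforms=TRANSFORMS):
    """Model an index-time DEST_KEY = MetaData:Sourcetype rewrite.

    Every transform whose REGEX matches sets the sourcetype in turn, so a
    line matching none keeps the (assumed) default. Returns the final value.
    """
    sourcetype = default
    for _name, regex, new_sourcetype in transforms:
        if re.search(regex, line):
            sourcetype = new_sourcetype
    return sourcetype


def route(lines, **kwargs):
    """Return a list of (log type field, assigned sourcetype) for inspection."""
    return [(line.split(",")[3], assign_sourcetype(line, **kwargs)) for line in lines]


if __name__ == "__main__":
    for log_type, sourcetype in route(SAMPLE_LINES):
        print(f"{log_type:<11} -> {sourcetype}")
```

Because the regex is anchored to the fourth field, a line whose type field is TRAFFIC but which carries the word DECRYPTION later in the record is still routed to `pan:traffic`.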