Palo Alto Networks/paloalto-ngfw/tests/test_decryption_csv.json

{
  "input": {
    "message": "1,2024/11/03 19:09:43,111111111111,DECRYPTION,0,2562,2024/11/03 19:09:43,1.2.3.4,5.6.7.8,4.3.2.1,8.7.6.5,URL Filtering - Chrome Profile,jdoe,,ssl,vsys1,VPN-SSL,INTERNET,tunnel.16,ae2.1111,Forward-Syslog,2024/11/03 19:09:43,2020391,1,55107,443,22814,443,0x400400,tcp,allow,N/A,,,,,25185364-4f1b-46b5-a376-a96a9438d665,Unknown,Unknown,TLS1.3,ECDHE,AES_256_GCM,SHA384,NoDecrypt-rule,,None,uninspected,Uninspected,No Decrypt,,,,,V1,0,0,0,0,0,:::::NONE,,,,,,,,,,,,,2024-11-03T19:09:43.654+01:00,,,,,,,,,,,,,,,,,1111111111111111111,0x8000000000000000,53,0,0,0,,NFW-OUT-DCA,1,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no\n",
    "sekoiaio": {
      "intake": {
        "dialect": "Palo Alto NGFW",
        "dialect_uuid": "903ec1b8-f206-4ba5-8563-db21da09cafd"
      }
    }
  },
  "expected": {
    "message": "1,2024/11/03 19:09:43,111111111111,DECRYPTION,0,2562,2024/11/03 19:09:43,1.2.3.4,5.6.7.8,4.3.2.1,8.7.6.5,URL Filtering - Chrome Profile,jdoe,,ssl,vsys1,VPN-SSL,INTERNET,tunnel.16,ae2.1111,Forward-Syslog,2024/11/03 19:09:43,2020391,1,55107,443,22814,443,0x400400,tcp,allow,N/A,,,,,25185364-4f1b-46b5-a376-a96a9438d665,Unknown,Unknown,TLS1.3,ECDHE,AES_256_GCM,SHA384,NoDecrypt-rule,,None,uninspected,Uninspected,No Decrypt,,,,,V1,0,0,0,0,0,:::::NONE,,,,,,,,,,,,,2024-11-03T19:09:43.654+01:00,,,,,,,,,,,,,,,,,1111111111111111111,0x8000000000000000,53,0,0,0,,NFW-OUT-DCA,1,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no\n",
    "event": {
      "action": "allow",
      "category": [
        "network"
      ],
      "dataset": "decryption",
      "outcome": "success",
      "type": [
        "info"
      ]
    },
    "@timestamp": "2024-11-03T19:09:43Z",
    "action": {
      "name": "allow",
      "outcome": "success",
      "type": "0"
    },
    "destination": {
      "address": "5.6.7.8",
      "ip": "5.6.7.8",
      "nat": {
        "ip": "8.7.6.5",
        "port": 443
      },
      "port": 443
    },
    "log": {
      "hostname": "NFW-OUT-DCA",
      "logger": "decryption"
    },
    "network": {
      "application": "ssl",
      "transport": "tcp"
    },
    "observer": {
      "name": "NFW-OUT-DCA",
      "product": "PAN-OS",
      "serial_number": "111111111111"
    },
    "paloalto": {
      "DGHierarchyLevel1": "53",
      "DGHierarchyLevel2": "0",
      "DGHierarchyLevel3": "0",
      "DGHierarchyLevel4": "0",
      "Threat_ContentType": "0",
      "VirtualLocation": "vsys1",
      "VirtualSystemID": "1",
      "tls": {
        "chain_status": "Uninspected",
        "root_status": "uninspected"
      }
    },
    "related": {
      "ip": [
        "1.2.3.4",
        "4.3.2.1",
        "5.6.7.8",
        "8.7.6.5"
      ],
      "user": [
        "jdoe"
      ]
    },
    "rule": {
      "name": "URL Filtering - Chrome Profile"
    },
    "source": {
      "address": "1.2.3.4",
      "ip": "1.2.3.4",
      "nat": {
        "ip": "4.3.2.1",
        "port": 22814
      },
      "port": 55107,
      "user": {
        "name": "jdoe"
      }
    },
    "tls": {
      "version": "1.3"
    },
    "user": {
      "name": "jdoe"
    }
  }
}