https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244087#M300 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1081569299">@PMorendage</a>&nbsp;,</P> <P>&nbsp;</P> <P>You can identify weak ciphers with a decryption profile for non-decrypted traffic.&nbsp; Create a decryption rule with the action of no-decrypt and assign the decryption profile to it.&nbsp; Since you do not want to block weak ciphers at this time, allow everything.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/decryption-profile#create-a-decryption-profile-pm" target="_blank">https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/decryption-profile#create-a-decryption-profile-pm</A></P> <P>&nbsp;</P> <P>When a lot of traffic runs through the decryption profile, you can use cool tools to analyze the traffic.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/decryption/administration/troubleshooting-decryption/identify-weak-tls-protocols-cipher-suites#identify-weak-tls-protocols-and-cipher-suites-pan-os" target="_blank">https://docs.paloaltonetworks.com/network-security/decryption/administration/troubleshooting-decryption/identify-weak-tls-protocols-cipher-suites#identify-weak-tls-protocols-and-cipher-suites-pan-os</A></P> <P>&nbsp;</P> <P>After you have analyzed the traffic, you can choose to block weak certificates, ciphers, or protocols by unchecking the boxes in the decryption profile.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Wed, 17 Dec 2025 22:15:44 GMT TomYoung 2025-12-17T22:15:44Z https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244034#M299 <P data-start="75" data-end="183">How do we detect RC4 traffic without decrypting using the Palo Alto toolset (NGFW, SCM, SLS, IoT, etc.)?</P> <P data-start="188" data-end="227">In SLS, I can currently filter down to:</P> <P data-start="232" data-end="316"><CODE data-start="232" data-end="316">Application Subcategory = 'auth-service' AND Application = 'active-directory-base'</CODE></P> <P data-start="321" data-end="397">However, there is no option to identify the use of weak ciphers (e.g., RC4).</P> Wed, 17 Dec 2025 05:35:49 GMT https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244034#M299 PMorendage 2025-12-17T05:35:49Z https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244087#M300 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1081569299">@PMorendage</a>&nbsp;,</P> <P>&nbsp;</P> <P>You can identify weak ciphers with a decryption profile for non-decrypted traffic.&nbsp; Create a decryption rule with the action of no-decrypt and assign the decryption profile to it.&nbsp; Since you do not want to block weak ciphers at this time, allow everything.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/decryption-profile#create-a-decryption-profile-pm" target="_blank">https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/decryption-profile#create-a-decryption-profile-pm</A></P> <P>&nbsp;</P> <P>When a lot of traffic runs through the decryption profile, you can use cool tools to analyze the traffic.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/decryption/administration/troubleshooting-decryption/identify-weak-tls-protocols-cipher-suites#identify-weak-tls-protocols-and-cipher-suites-pan-os" target="_blank">https://docs.paloaltonetworks.com/network-security/decryption/administration/troubleshooting-decryption/identify-weak-tls-protocols-cipher-suites#identify-weak-tls-protocols-and-cipher-suites-pan-os</A></P> <P>&nbsp;</P> <P>After you have analyzed the traffic, you can choose to block weak certificates, ciphers, or protocols by unchecking the boxes in the decryption profile.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Wed, 17 Dec 2025 22:15:44 GMT https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244087#M300 TomYoung 2025-12-17T22:15:44Z https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244101#M301 <P>Thank you very much Tom , Let me test and get back to you&nbsp;</P> Thu, 18 Dec 2025 02:00:22 GMT https://live.paloaltonetworks.com/t5/strata-logging-service/detect-rc4-traffic/m-p/1244101#M301 PMorendage 2025-12-18T02:00:22Z