https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236829#M67864 <P>hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/85066">@BigPalo</a></P> <P>&nbsp;</P> <P>The pcaps are stored on the firewall's harddrive unencrypted</P> <P>The filesystem,&nbsp;however, is not accessible unless by authorized accounts</P> <P>&nbsp;</P> Wed, 24 Oct 2018 11:53:57 GMT reaper 2018-10-24T11:53:57Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236623#M67821 <P>Hi,</P><P>&nbsp;</P><P>I would like to know by security / audit issues if the captures that are made automatically when detecting a threat on encrypted traffic are stored encrypted or decrypted. So, PA is storing pcaps when enable ssl-decrypt about this traffic?</P> Tue, 23 Oct 2018 06:58:40 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236623#M67821 BigPalo 2018-10-23T06:58:40Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236807#M67854 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot.JPG" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17282i831F56B961706B28/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot.JPG" alt="Screenshot.JPG" /></span>This is the example. In threats, we can see the pcap in plain text. So PA is keeping the pcap in plaintext?? we need to confirm for security audit reasons.</P><P>&nbsp;</P> Wed, 24 Oct 2018 08:52:18 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236807#M67854 BigPalo 2018-10-24T08:52:18Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236829#M67864 <P>hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/85066">@BigPalo</a></P> <P>&nbsp;</P> <P>The pcaps are stored on the firewall's harddrive unencrypted</P> <P>The filesystem,&nbsp;however, is not accessible unless by authorized accounts</P> <P>&nbsp;</P> Wed, 24 Oct 2018 11:53:57 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decrypt-pcaps/m-p/236829#M67864 reaper 2018-10-24T11:53:57Z