HTTPS Inspection

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| HTTPS Inspection | Base Rule | Inspect Packet | Network Traffic |
| HTTPS Inspection : HTTPS Bypass | Sub Rule | Inspect Packet | Network Traffic |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Text/String |
| origin | <sender> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dport | <dport> | Number |
| ifname | <sinterface> | Number |
| ifdirection | <tag1> | Number/Text |
| dst_machine_name | <dname> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag2> | Number/Text |
| protocol | <protname> | Number/Text |
| Url | <url> | Number/Text |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| dst_user_name | <account> | Number/Text |
| matched_category | <subject> | Text/String |
| HTTPS_inspection_rule_name | <command> | Number/Text |