Well, I'm trying to show a graph of overall SSL traffic (which is the first part), then a graph showing the decrypted traffic (index="paloalto" flags=decrypted type=THREAT threat!="MP4 Detected(52104)"), then a final part showing the wildfire events (which is a very small number of things, and this is currently searching via timechart count as All_Blocked_count count(eval(eventtype= pan_wildfire)) as Pan_Wildfire_Blocked_count )
I would like this all as three separate bar charts or line charts- basically, to show the difference between each type of traffic flow. We start with SSL traffic, decrypt a small part of that (and I want to show the threat events found in decrypted traffic), then I finally want to show the wildfire findings in that decrypt traffic.
... View more
