PCAP Snapshots
Completed
Hi,
It would be useful if PCAP snapshots were available for download from within events and incidents.
Right now the tabs within events and incidents (Header and Payload, Target Host, etc.) are just a set of endlessly scrolling tables full of hex and ASCII data.
The way the information in these tabs is organized and displayed right now makes it very difficult and time-consuming to conduct investigations, gather evidence, or establish an effective workflow for chain of custody.
Being able to download the PCAP Snapshots, and export a list of links of related Snapshots would help with this.
-
Official comment
Hi Raymond,
We have now released our new incident user experience and are rolling it out in batches to our customers, which includes PCAP export. If you are interested in being upgraded to this new experience early, please let us know and we can add you in our early batches of the customer upgrade plan.
Information on PCAP exports can be found in the PCAP Export section of the Incident Console Features knowledge base article.
-
Thank you for the feedback, Raymond! I'm submitting this request to our Product team and we'll notify you here when we have any updates.
0 -
Hi Raymond
We are working on a complete revamp of our incident handling user experience, which will also include improvements on the drilldown into event payload in the case of network intrusion event driven incidents. We are planning on different decoding views and ability to export PCAP, leveraging lessons learned from what our internal SOC analysts value in working with intrusion events.
We will have details on the planning and release of this capability shortly, but I can tell you we are actively working on this feature as we speak.
1 -
Hello Raymond,
I wanted to give a quick update on your request regarding PCAP export. As I mentioned in my last update, we have been working on this feature for some time. We are currently in the validation phase. This is part of a larger overhaul of our incident user experience and therefore needs a lot of vetting before we can roll it out. Our plan is to start rolling this out across the customer base, starting in August - we will spend most of July finalizing, polishing and vetting the new UI, and then will have a gradual roll-out across our full customer base.
Let us know if you have any questions.
Best regards,
Guy
0