It would be useful if PCAP snapshots were available for download from within events and incidents.
Right now the tabs within events and incidents (Header and Payload, Target Host, etc.) are just a set of endlessly scrolling tables full of hex and ASCII data.
The way the information in these tabs are organized and displayed right now makes it very difficult and time consuming to conduct investigations, gather evidence, or establish an effective workflow for chain of custody.
Being able to download the PCAP Snapshots, and export a list of links of related Snapshots would help with this.
Please sign in to leave a comment.