https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22674#M16565 <HTML><HEAD></HEAD><BODY><P>Thanks Mikand for you reply, is there someone who can clarify us on this ? </P></BODY></HTML> Fri, 16 Nov 2012 18:17:53 GMT Samir.Belkessam 2012-11-16T18:17:53Z https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22672#M16563 <HTML><HEAD></HEAD><BODY><P>Dears,</P><P></P><P>I would like to know if there is a possibility to collect some packets before and after the packet that trigged the attack signature</P><P>it will be helpful in case of troubleshooting and confirm if this attack is a false positive or real attack( knowing that this option is available from other vendors )</P><P></P><P>Thanks and regards</P><P>Samir.</P></BODY></HTML> Thu, 15 Nov 2012 18:13:51 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22672#M16563 Samir.Belkessam 2012-11-15T18:13:51Z https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22673#M16564 <HTML><HEAD></HEAD><BODY><P>When you setup a profile for the IPS in Objects -&gt; Security Profiles -&gt; Vulnerability Protection you can define if packet capture should be performed or not (either globally like a group of threatid's or specific threatid's).</P><P></P><P>I cant find any info in the manual if packets from before the packet that triggered the attack signature will be part of this pcap.</P></BODY></HTML> Fri, 16 Nov 2012 09:18:40 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22673#M16564 mikand 2012-11-16T09:18:40Z https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22674#M16565 <HTML><HEAD></HEAD><BODY><P>Thanks Mikand for you reply, is there someone who can clarify us on this ? </P></BODY></HTML> Fri, 16 Nov 2012 18:17:53 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-set-up-packet-logging/m-p/22674#M16565 Samir.Belkessam 2012-11-16T18:17:53Z