11-15-2012 10:13 AM
Dears,
I would like to know if there is a possibility to collect some packets before and after the packet that trigged the attack signature
it will be helpful in case of troubleshooting and confirm if this attack is a false positive or real attack( knowing that this option is available from other vendors )
Thanks and regards
Samir.
11-16-2012 01:18 AM
When you setup a profile for the IPS in Objects -> Security Profiles -> Vulnerability Protection you can define if packet capture should be performed or not (either globally like a group of threatid's or specific threatid's).
I cant find any info in the manual if packets from before the packet that triggered the attack signature will be part of this pcap.
11-16-2012 10:17 AM
Thanks Mikand for you reply, is there someone who can clarify us on this ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
