Is it possible to configure a trigger in order to pull a pcap capture when an alert or detection is produced?
Hi @dfarina3f
If you are referring to creating a precision packet capture, the answer is unfortunately no. PPCAPs can be created in a trigger on the Flow in which you’d like to capture, but in the event of DETECTION_UPDATE (the trigger event that fires when a detection is created), the Flow that caused the detection would have occurred in the past.