I'm trying troubleshoot slow excel file transfers, and did my initial investigation by adding a "trust" ACE for that specific subnet which resulted in optimal transfer speeds.
I don't see any intrusion events, (the file downloads so I guess it doesn't trigger a rule), but how do I finde the rule that inspects the file or if it's a preprocs?
I could disable/enable every active excel rule, and turn every relevant preprocessor to do "trial and error" approach until I get the right one, but that's not very efficient.
Isn't it possible to see what firepower did to the flow or file?