I'm trying troubleshoot slow excel file transfers, and did my initial investigation by adding a "trust" ACE for that specific subnet which resulted in optimal transfer speeds.

I don't see any intrusion events, (the file downloads so I guess it doesn't trigger a rule), but how do I finde the rule that inspects the file or if it's a preprocs?

I could disable/enable every active excel rule, and turn every relevant preprocessor to do "trial and error" approach until I get the right one, but that's not very efficient.

Isn't it possible to see what firepower did to the flow or file?