Solved: Re: Secure Network Analytics: Trying to get PCAPS from older connectio

davedvo · ‎08-24-2022

Hello Cisco Security Analytics Community,

Has anyone been able to download packet capture files in the .pcap format, from the Secure Analytics management center? I am looking to do so, for packets that were involved in past alarms that have triggered in the console. I saw that you can download this data, by setting up a live packet capturing session in the Flow Collector in central management at the Appliance Statistics page. It would be best however, if you can perform this operation for past collected and processed network telemetry as well.

Philipp Tannich · ‎08-24-2022

Hello @davedvo,

Unfotunately, this is not possible with the "normal" features. You said correctly, you can monitor the live traffic on a FC and download the packages then. However, you can't get the traffic from an event.

But, if you want this happen, we can make this happen for you! Check out this one: https://packetcontinuum.nextcomputing.com/ciscosecurity/
Might this be what you're looking for?

Cheers!

View solution in original post

Philipp Tannich · ‎08-24-2022

Hello @davedvo,

Unfotunately, this is not possible with the "normal" features. You said correctly, you can monitor the live traffic on a FC and download the packages then. However, you can't get the traffic from an event.

But, if you want this happen, we can make this happen for you! Check out this one: https://packetcontinuum.nextcomputing.com/ciscosecurity/
Might this be what you're looking for?

Cheers!

davedvo · ‎08-25-2022

Hi Good Morning @Philipp Tannich

Thanks a huge amount for the update to my question and the company that works with Cisco to allow for this feature to exist. I'll look into ordering an appliance form Packetcontinuum.

Secure Network Analytics: Trying to get PCAPS from older connections.