: Export Threat, Filter, and Data Filtering PCAPs
Focus
Focus

Export Threat, Filter, and Data Filtering PCAPs

Table of Contents

Export Threat, Filter, and Data Filtering PCAPs

To export threat PCAPs, you need to provide the PCAP ID from the threat log and the search time, which is the time that the PCAP was received on the firewall. Threat PCAP filenames use apcapID.pcap format.
PCAP Type
API Request
Threat PCAP using PCAP ID, device name, session ID, and search
curl -X POST 'https://firewall/api?type=export&category=threat-pcap&pcap-id=<id>&device_name=<device name>&sessionid=<session id>&search-time=<yyyy/mm/dd+hr:min:sec>"
List of filtered PCAPs
curl -X POST 'https://firewall/api?type=export&category=filters-pcap"
Specific filtered PCAP file
curl -X POST 'https://firewall/api?type=export&category=filters-pcap&from=<filename>"
List of data filtering PCAP file names
curl -X POST 'https://firewall/api?type=export&category=dlp-pcap&dlp-password=<password>"
Specific data filtering PCAP file
curl -X POST 'https://firewall/api?type=export&category=dlp-pcap&dlp-password=<password>&from=<filename>&to=<localfile>"