Enable Threat Packet Capture
To enable the firewall to capture packets when it detects a threat, enable the packet capture option in the security profile. Select Objects > Security Profiles and then modify the desired profile as described in the following table:
Packet Capture Options in Security Profiles
Select a custom Antivirus profile and, in the
Select a custom Anti-Spyware profile, click the DNS Signatures tab and, in the Packet Capture drop-down, select
Select a custom Vulnerability Protection profile and, in the
Add to add a new rule or select an existing rule. Then select the Packet Capture drop-down and select
In Anti-Spyware and Vulnerability Protection profiles, you can also enable packet capture on exceptions. Click the Exceptions tab and in the Packet Capture column for a signature, click the drop-down and select
(Optional) To define the length of a threat packet capture based on the number of packets captured (which is based on a global setting), select
and, in the Content-ID™ Settings section, modify the Extended Packet Capture Length (packets) field (range is 1-50; default is 5).
After you enable packet capture on a security profile, you need to verify that the profile is part of a security rule. For information on how to add a security profile to a security rule, see Security Policy Overview.
Each time the firewall detects a threat when packet capture is enabled on the security profile, you can download or export the packet capture.
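The check described above (a profile with packet capture enabled must also be part of a security rule) can be run offline against an exported configuration. The following is an added example, not vendor code: the XML layout, element names, profile names and capture values in the sample are constructed assumptions to adjust to your own export, and profiles attached through a profile group are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names and values are assumptions, not a real export.
SAMPLE_CONFIG = """
<vsys>
  <profiles>
    <vulnerability>
      <entry name="VP-capture"><rules><entry name="crit">
        <packet-capture>single-packet</packet-capture></entry></rules></entry>
      <entry name="VP-unused"><rules><entry name="all">
        <packet-capture>extended-capture</packet-capture></entry></rules></entry>
    </vulnerability>
    <spyware>
      <entry name="AS-nocap"><rules><entry name="all">
        <packet-capture>disable</packet-capture></entry></rules></entry>
    </spyware>
  </profiles>
  <rulebase><security><rules><entry name="outbound-web">
    <profile-setting><profiles>
      <vulnerability><member>VP-capture</member></vulnerability>
      <spyware><member>AS-nocap</member></spyware>
    </profiles></profile-setting>
  </entry></rules></security></rulebase>
</vsys>
"""

OFF = {"disable", "no", ""}  # values treated as "capture not enabled" (assumed)

def capture_profiles(root):
    """Return {(type, name)} for profiles with any packet-capture setting on."""
    found = set()
    for ptype in root.find("profiles"):
        for prof in ptype.findall("entry"):
            values = [(e.text or "").strip() for e in prof.iter("packet-capture")]
            if any(v not in OFF for v in values):
                found.add((ptype.tag, prof.get("name")))
    return found

def attached_profiles(root):
    """Return {(type, name)} for profiles referenced directly by security rules."""
    used = set()
    for rule in root.iterfind("rulebase/security/rules/entry"):
        for ptype in rule.iterfind("profile-setting/profiles/*"):
            used.update((ptype.tag, (m.text or "").strip()) for m in ptype.findall("member"))
    return used

def unattached_capture_profiles(xml_text):
    """Profiles that would capture on a threat but are in no security rule."""
    root = ET.fromstring(xml_text)
    return sorted(capture_profiles(root) - attached_profiles(root))
```

Any profile the function returns has capture enabled but will never produce a pcap, because no traffic is evaluated against it.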