End-of-Life (EoL)

Export Threat, Filter, and Data Filtering PCAPs

To export threat PCAPs, you need to provide the PCAP ID from the threat log and the search time, which is the time that the PCAP was received on the firewall. Threat PCAP filenames use a pcapID.pcap format.
| PCAP Type | API Request |
| --- | --- |
| Threat PCAP using PCAP ID, device name, session ID, and search | curl -X GET "https://<firewall>/api/?key=<apikey>&type=export&category=threat-pcap&pcap-id=<id>&device_name=<device name>&sessionid=<session id>&search-time=<yyyy/mm/dd+hr:min:sec>" In version 9.0.7 or later, PAN-OS firewalls don't require the sessionid and device_name parameters to export threat PCAPs. |
| List of filtered PCAPs | curl -X GET "https://<firewall>/api/?key=<apikey>&type=export&category=filters-pcap" |
| Specific filtered PCAP file | curl -X GET "https://<firewall>/api/?key=<apikey>&type=export&category=filters-pcap&from=<filename>" |
| List of data filtering PCAP file names | curl -X GET "https://<firewall>/api/?key=<apikey>&type=export&category=dlp-pcap&dlp-password=<password>" |
| Specific data filtering PCAP file | curl -X GET "https://<firewall>/api/?key=<apikey>&type=export&category=dlp-pcap&dlp-password=<password>&from=<filename>&to=<localfile>" |
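
The threat PCAP request above wrapped in a script, added here as an example and not taken from the PAN-OS documentation: it validates the inputs, saves the result as pcapID.pcap, and refuses to keep a response that is not a capture file. The FIREWALL and PANOS_API_KEY variables and all function names are illustrative. It assumes numeric PCAP IDs, a firewall that accepts the API key in the X-PAN-KEY header (otherwise pass key= as in the table), and a version that does not need device_name and sessionid.

```shell
#!/bin/sh
# Added example. FIREWALL, PANOS_API_KEY and the function names are illustrative.

# Accept only the search-time layout shown on the page: yyyy/mm/dd+hr:min:sec
valid_search_time() {
  d='[0-9][0-9]'
  case "$1" in
    $d$d/$d/$d+$d:$d:$d) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumption: PCAP IDs from the threat log are decimal integers. Rejecting
# anything else also keeps "/" and "&" out of the filename and the query.
valid_pcap_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# True if the file begins with a pcap or pcapng magic number.
is_pcap() {
  magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
  case "$magic" in
    d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
    *) return 1 ;;
  esac
}

# usage: export_threat_pcap <pcap-id> <search-time>
export_threat_pcap() {
  valid_pcap_id "$1" || { echo "bad pcap-id" >&2; return 2; }
  valid_search_time "$2" || { echo "bad search-time" >&2; return 2; }
  out="$1.pcap"
  url="https://${FIREWALL}/api/?type=export&category=threat-pcap&pcap-id=$1&search-time=$2"
  # The key goes to curl on stdin as a config line, so it never appears
  # in the URL, the shell history or the process list.
  printf 'header = "X-PAN-KEY: %s"\n' "$PANOS_API_KEY" |
    curl -K - -sS -f -o "$out.part" "$url" || { rm -f "$out.part"; return 1; }
  if is_pcap "$out.part"; then
    mv "$out.part" "$out"
  else
    echo "response is not a capture file" >&2
    rm -f "$out.part"
    return 1
  fi
}
```

The same magic-number check applies to files fetched with the filters-pcap and dlp-pcap categories.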
