Traffic Replication and PCAP Support
Use Prisma Access to save and download PCAP files for forensics and analysis.
Traffic replication and PCAP support address use cases such as the following:
- You need to examine your traffic with industry-specific or privately developed
monitoring and threat tools, and those tools require PCAPs for additional content
inspection, threat monitoring, and troubleshooting.
- After an intrusion attempt or the detection of a new zero-day threat, you need to
preserve and collect PCAPs from both before and after the attempt for forensic
analysis. After you analyze the PCAPs and determine the root cause of the intrusion
event, you can create a new policy or adjust your security posture accordingly.
- Your organization needs to download and archive PCAPs for a specific period of
time and retrieve as needed for legal or compliance requirements.
- Your organization requires PCAPs for network-level troubleshooting (for example,
your networking team requires data at a packet level to debug application
performance or other network issues).
To accomplish these objectives, you can enable traffic replication, which uses the
Prisma Access cloud to replicate your traffic and encrypts the resulting PCAP files
with your organization's encryption certificates.
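Whatever tool consumes the downloaded captures, it ends up reading the classic pcap record format. The following is an added example, not code from the Prisma Access documentation or product: it writes a small pcap file from constructed Ethernet/IPv4/TCP frames (the addresses, ports and payloads are invented for the example), parses it back into a per-packet summary, searches the payloads for a byte-string indicator, and computes the SHA-256 digest you would record alongside an archived capture so its integrity can be checked later. It handles only the classic little-endian pcap format with Ethernet link type (no pcapng), and it does not model the certificate-based encryption that Prisma Access applies to the files; decrypt those with the procedure from the product documentation before feeding them to a parser like this one.

```python
import hashlib
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6


def build_pcap(packets):
    """Serialise (ts_sec, ts_usec, frame_bytes) records into classic pcap bytes."""
    # Global header: magic, major 2, minor 4, tz offset, sigfigs, snaplen, linktype.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def ethernet_ipv4_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed frame for the example; IP/TCP checksums are left at zero."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + ETHERTYPE_IPV4
    # TCP: ports, seq, ack, data offset (5 words) in the high nibble, flags PSH|ACK.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def parse_pcap(data):
    """Return a list of dicts summarising each IPv4/TCP frame in a classic pcap."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic 0x%08x (pcapng or big-endian?)" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes the Ethernet link type")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        # Skip anything that is not IPv4 over Ethernet carrying TCP.
        if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != IPPROTO_TCP:
            continue
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        records.append({
            "ts": ts_sec + ts_usec / 1e6,
            "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_off:],
        })
    return records


def find_payload_matches(records, needle):
    """Indices of records whose TCP payload contains the given byte-string indicator."""
    return [i for i, r in enumerate(records) if needle in r["payload"]]


def sha256_hex(data):
    """Digest to record with an archived capture (chain of custody / later verification)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample capture: one TLS client hello stub and one plaintext HTTP request.
SAMPLE_PACKETS = [
    (1700000000, 0, ethernet_ipv4_tcp_frame("10.0.0.5", "203.0.113.10", 51000, 443, b"\x16\x03\x01")),
    (1700000000, 250000, ethernet_ipv4_tcp_frame("10.0.0.5", "198.51.100.7", 51001, 80,
                                                   b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n")),
]
SAMPLE_PCAP = build_pcap(SAMPLE_PACKETS)

if __name__ == "__main__":
    recs = parse_pcap(SAMPLE_PCAP)
    for r in recs:
        print("%.6f %s:%d -> %s:%d %d bytes" % (r["ts"], r["src"], r["sport"], r["dst"], r["dport"], len(r["payload"])))
    print("records matching b'GET /login':", find_payload_matches(recs, b"GET /login"))
    print("sha256:", sha256_hex(SAMPLE_PCAP))
```

When archiving captures for a retention requirement, store the digest (and the time and identity of whoever produced it) separately from the file; a capture that later fails the digest check is not usable as evidence, and a tool that refuses files it does not recognise, as `parse_pcap` does for pcapng, is preferable to one that silently decodes garbage.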