CSPi leverages Firepower intrusion event data to automatically export and store PCAPs from its full packet capture and storage solution. Full packet capture technology helps intrusion event analysts by extending visibility into the offending traffic beyond the PCAP collected by Firepower’s Snort-based IDS/IPS engine. Pivoting from specific intrusion events, users can view a vast time window of captured traffic in the partner’s console or download large PCAPs for analysis in a decoding tool of their choice. This helps incident response analysts move from “suspicion” about a security event to “conviction” about the appropriate response.
Click here to read the full post by Andrew Peters on the Cisco Blog.