Traffic Replication and PCAP Support
Use Prisma Access to save and download PCAP files for forensics and analysis.
Prisma Access secures your traffic in real time based on traffic inspection, threat analysis, and security policies. While you can view Prisma Access logs for security events, your organization might have a requirement to save packet capture (PCAP) files for forensic and analytical purposes, for example:
  • You need to examine your traffic using industry-specific or privately developed monitoring and threat tools in your organization, and those tools require PCAPs for additional content inspection, threat monitoring, and troubleshooting.
  • After an intrusion attempt or the detection of a new zero-day threat, you need to preserve and collect PCAPs for forensic analysis both before and after the attempt. After you analyze the PCAPs and determine the root cause of the intrusion event, you could then create a new policy or implement a new security posture.
  • Your organization needs to download and archive PCAPs for a specific period of time and retrieve them as needed for legal or compliance requirements.
  • Your organization requires PCAPs for network-level troubleshooting (for example, your networking team requires data at a packet level to debug application performance or other network issues).
To accomplish these objectives, you can enable traffic replication, which uses the Prisma Access cloud to replicate traffic and encrypt the PCAP files using your organization's encryption certificates. To store the PCAP files, you create a GCP service account, which Prisma Access uses as the storage location for the PCAP files.