PE - Manage PCAP
Security/Monitoring Manage PCAP
Selecting Overview → Manage → Security/Monitoring → Manage PCAP displays the PCAP dashboard.
When the dashboard initially loads and no PCAP data exists, you are presented with the following:
Manage Security/Monitoring PCAP Manager Dashboard
Uploading PCAP Files
Clicking on Upload begins the file upload process and opens an Upload Packet Capture window.
Manage Security/Monitoring PCAP Manager Upload Packet Capture File
Select or drag and drop the desired PCAP file and select the PCAP Engine from the list.
Enter a description for the packet capture file and click Upload.
Manage Security/Monitoring PCAP Manager Example of Uploading PCAP File
After the file is uploaded, a processing message appears, followed by the PCAP file being listed in the Dashboard.
Manage Security/Monitoring PCAP Manager Processing Uploaded PCAP File
After the file is processed, a completed message appears, and the PCAP file is listed in the Dashboard along with data fields and packet counts.
You can now analyze the data using UNUM, download the data for further analysis in a third-party tool, or delete the PCAP data file.
Manage Security/Monitoring PCAP Manager Uploaded PCAP File Processing Complete
Downloading PCAP Files
Clicking on the Download icon begins the file download process and opens a file Save / Open dialog on the host computer.
Manage Security/Monitoring PCAP Manager Downloading PCAP Files
The PCAP file is opened on the host computer using a PCAP viewing and editing software package.
Manage Security/Monitoring PCAP Manager Third Party PCAP Tool
Deleting PCAP Files
You delete PCAP files using the icon on the dashboard.
Manage Security/Monitoring PCAP Manager Dashboard Delete PCAP Files
You have the option to completely remove the PCAP file from the dashboard and the associated data from the Elasticsearch database, or to retain the PCAP file but delete the data.
Clicking on Keep File deletes the PCAP agent data from the database and retains the PCAP file.
Clicking on OK removes the data from the database and also deletes the file.
Manage Security/Monitoring PCAP Manager Packet Delete PCAP File
PCAP Search Function
You can easily search and filter multiple PCAP Manager entries using the Filter By: feature in the dashboard.
Begin typing search or filter criteria, and the dashboard updates automatically, as shown in the example below:
Manage Security/Monitoring PCAP Manager Search Function