How does the Network Capture (PCAP) process work?

Packet capture (PCAP) is a default part of how Field Effect operates. When one of our analytics surfaces something anomalous, a Field Effect analyst examines the PCAP data to get a detailed look at what happened. Field Effect analysts also use the PCAP data for threat hunting, and as a critical part of eliminating false positives before they reach a customer. The full capture data remains resident on the appliance and is not transferred off-premises except for cases that require deeper analysis.
