Adding a Packet Capture Rule

Procedure

  1. Go to Administration > Monitoring / Scanning > Packet Capture.
  2. Click Add.
    A new screen appears.
  3. Select Enable.
  4. Specify the rule priority.
  5. (Optional) Type a Description.
  6. Type one or more IP addresses, or IP address ranges.
    Note
    Only packets for detections of the specified addresses or within the specified ranges are captured.
    You can add a maximum of 50 entries. Each entry can be an IP address or an IP address range.
  7. In Detection Criteria, do nothing to apply the rule to any detection, or click add specific criteria.
  8. If you clicked add specific criteria, specify the criteria.
    • Detection Type
    • Detection Rule ID
    • Threat/Detection/Reference
      Note
      Contains and Does not contain match partial strings. Equals does not match partial strings.
    • Severity
    Note
    Click "+" to add additional criteria. Alternatively, click "-" to remove criteria.
    You can add a maximum of 10 criteria.
  9. Select the action to perform when packets match the criteria.
    • Capture
    • Do not capture
  10. Click Add.