Adding a packet capture rule

Procedure

1. Go to Administration → Monitoring / Scanning → Packet Capture.
2. Click Add.
   A new screen appears.
3. Select Enable.
4. Specify the rule priority.
5. (Optional) Type a Description.
6. Type one or more IP addresses, or IP address ranges.

   Note Only packets for detections of the specified addresses or within the specified ranges are captured. You can add a maximum of 50 entries that can be IP addresses or IP address ranges.

7. In Detection Criteria, do nothing to apply the rule to any detection, or click add specific criteria.
8. If you clicked add specific criteria, specify the criteria.
   • Detection Type
   • Detection Rule ID
   • Threat/Detection/Reference

     Note Contains and Does not contain match partial strings. Equals does not match partial strings.

   • Severity

   Note Click "+" to add additional criteria. Alternatively, click "-" to remove criteria. You can add a maximum of 10 criteria.

9. Select the action to perform when packets match the criteria.
   • Capture
   • Do not capture
10. Click Add.