Configuring Packet Capture

Procedure

1. In the Trend Vision One console, go to Network Security → Network Analysis Configuration → Monitoring / Scanning → Packet Capture.
2. Enable packet capture.
   1. Select one or more appliances.
   2. Click the Configure Packet Capture drop down and click Enable.
   3. Click Save.

      Important The request to enable or disable packet capture is not sent until you click Save on the main Packet Capture screen.

3. Click the name of an appliance to configure packet capture settings.
   The packet capture rule list for the appliance appears.
4. To import the packet capture settings from another appliance, click Replace with Existing List.

   Important Using this method replaces any currently configured packet capture rules on the target appliance.

   1. Select the source appliance to import settings.
   2. Click Replace.
   3. Click Save.
      The console returns to the main Packet Capture screen. You may need to click Save again to ensure your changes are kept.
5. Click Add to add a new packet capture rule.
   1. Configure the settings in the Capture Settings window.

      Setting	Description
      Status	The status of the packet capture rule
      Priority	The priority order in which the rule is applied Packet capture rules are applied in order of priority, with 1 having the highest priority.
      Description	A description of the rule which appears on the packet capture rule list
      Host IP address / range	The IP address or range the rule applies to
      Detection criteria	Which kinds of detections the rule applies to Select Add specific criteria if you want to limit the detection types the rule applies to.
      Action	Whether the packet is captured for the rule or not

   2. Click Save.
   3. In the packet capture list, click Save.
      The console returns to the main Packet Capture screen. You may need to click Save again to ensure your changes are kept.