In the MongoDB, you can see a new database called PCAP files. This is where Packet Capture (PCAP) files are stored. PCAP (also known as libpcap) is an application programming interface (API) that captures live network packet data from OSI model Layers 2-7. In this feature, PCAPs are generated for incident events, available for download, and complete and viable.
Download PCAP Files from the UI
Downloading PCAP files from the UI can be done either from the Incidents page or the Cases page.
Download PCAP Files from the Incidents Page
Log in to the LogRhythm NDR UI.
Click the Incident tab. The Incidents page appears and displays a list of incidents.
Click the timestamp of an incident with a higher score. The details of that incident appear in an Incident detail table. If a small icon appears under the Info column, then a PCAP file is available for that incident.
To download this PCAP file, click the icon. The PCAP file is downloaded automatically.
Download PCAP Files from the Cases Page
Log in to the LogRhythm NDR UI.
Point to the System tab, and select Cases. The Cases page appears.
Click the timestamp of a case with a higher score. The details of that case appear in a case table. If a small icon appears under the Info column, then a PCAP file is available for that particular case.
To download this PCAP file, click the icon. The PCAP file is downloaded automatically.
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.
