This document discusses how to retrieve the X-Forwarded-For (XFF) IP address from packet captures (PCAP) files after creating the case from events.
X-Forwarded-For is an HTTP header used to track the original IP address of a user connecting to a web server through a proxy or load balancer.
UI Implementation
-
Add X-Forwarded-IP as a new field in the UI.
-
Specify the necessary information about inserting the whitelist into a table along with the X-Forwarded-IP field.
-
Add a Whitelist in the Case Events page as below.
