SMART PCAP
Accelerate investigations with precise packet capture and one-click SIEM retrievals.
STORE PACKETS LONGER, FIND THEM FASTER
Smart PCAP is a highly efficient approach to packet capture that links Zeek® logs, extracted files, and detections with just the packets you need for investigation.
Corelight's Smart PCAP gives security teams complete control over packet capture. Compared to full PCAP, it extends investigation lookback windows from days to weeks or months by capturing only the packets needed. Accelerate investigations by pivoting quickly from Corelight alerts to PCAP files with one-click packet retrieval right from your SIEM.
- Up to 10x longer lookback windows vs. full PCAP
- Set precise, powerful rules to capture only useful packets
- Flexible storage options via Corelight, BYO hardware, or the cloud (S3)
- Pivot quickly from alert to PCAP files with one-click retrieval via SIEM or Investigator
How it works
With Corelight Sensors in place, you can configure external packet storage via Corelight, BYO hardware, or cloud storage (Amazon S3). Corelight’s sensor management console lets analysts create new capture rules at configurable byte-depths based on capture triggers such as alerts, protocol type, and encryption status. Analysts can then retrieve packets via their SIEM or Corelight Investigator by clicking the PCAP URL embedded in the connection log, which opens the packets in Wireshark for further analysis.
100% network coverage
Configure Smart PCAP to capture packets for every connection that no Corelight protocol log already describes, and additionally capture the first 2,000 bytes of every unencrypted connection. With this configuration every connection in the environment leaves at least one source of evidence: a Corelight log, captured packets, or both.
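The following is an added example, not Corelight's code or its rule syntax. It models the two-rule "100% coverage" policy above as plain Python: rule 1 captures whole connections that no protocol log covers, rule 2 keeps the first 2,000 bytes of anything unencrypted. It then runs the policy over a few constructed connection records (the field names `service` and `total_bytes` follow Zeek's `conn.log` but the records themselves are made up) to show two things the paragraph only asserts: that every connection ends up with some evidence, and how much less storage the policy needs than full PCAP over the same traffic. The set of services treated as "logged" and as "encrypted" is an assumption for the illustration.

```python
"""Illustrative model of a Smart PCAP style capture policy (added example)."""
from dataclasses import dataclass
from typing import Optional

# Assumption for the example: services for which a Zeek protocol log exists,
# so the connection is "already covered by a Corelight log".
LOGGED_SERVICES = {"http", "dns", "ssl", "ssh", "smtp", "ftp", "dhcp", "ntp"}
# Assumption: services whose payload is encrypted on the wire.
ENCRYPTED_SERVICES = {"ssl", "ssh"}
# Rule 2 byte-depth from the page: first 2,000 bytes of unencrypted traffic.
UNENCRYPTED_DEPTH = 2000


@dataclass
class Conn:
    uid: str                    # Zeek connection uid
    service: Optional[str]      # conn.log 'service'; None when Zeek could not identify it
    total_bytes: int            # bytes on the wire for the whole connection


def capture_depth(conn: Conn) -> int:
    """Bytes Smart PCAP would retain for one connection under the two rules."""
    depth = 0
    if conn.service not in LOGGED_SERVICES:
        # Rule 1: nothing else records this traffic, keep the whole connection.
        depth = conn.total_bytes
    if conn.service not in ENCRYPTED_SERVICES:
        # Rule 2: first 2,000 bytes of unencrypted traffic (never more than exists).
        depth = max(depth, min(UNENCRYPTED_DEPTH, conn.total_bytes))
    return depth


def evidence(conn: Conn) -> list:
    """Which evidence sources exist for the connection: protocol log, packets, or both."""
    sources = []
    if conn.service in LOGGED_SERVICES:
        sources.append("log")
    if capture_depth(conn) > 0:
        sources.append("pcap")
    return sources


def summarize(conns: list) -> dict:
    """Compare retained bytes against full PCAP and check the coverage guarantee."""
    full = sum(c.total_bytes for c in conns)
    smart = sum(capture_depth(c) for c in conns)
    return {
        "full_pcap_bytes": full,
        "smart_pcap_bytes": smart,
        # How much longer the same disk lasts compared with full PCAP.
        "lookback_multiplier": full / smart if smart else float("inf"),
        "all_connections_have_evidence": all(evidence(c) for c in conns),
    }


# Constructed sample connections (not real traffic).
SAMPLE = [
    Conn("CHhAvVGS1DHFjwGM9", "http", 50_000),      # logged, unencrypted
    Conn("CZbJxD2qjYe4dJT6k", "ssl", 4_000_000),    # logged, encrypted
    Conn("CmES5u32sYpV7JYN", None, 120_000),        # unknown protocol: no log
    Conn("C4J4Th3PJpwUYZZ6gc", "dns", 300),         # logged, shorter than depth
    Conn("CtPZjS20MLrsMUOJi2", "ssh", 800_000),     # logged, encrypted
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.uid:20} service={c.service!s:6} keep={capture_depth(c):>7} evidence={evidence(c)}")
    print(summarize(SAMPLE))
```

Run as a script it prints the per-connection decision and the summary; the encrypted `ssl` and `ssh` connections, which dominate the byte count, contribute nothing to Smart PCAP storage because their protocol logs already carry the evidence an analyst needs, which is where the extended lookback comes from.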
EVIDENCE
Corelight Smart PCAP identifies protocol activity by content rather than by port number, and integrates directly with Zeek, the gold standard for network evidence, as part of the Open NDR Platform.