Cisco Multicloud Defense User Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: May 19, 2023

Packet Capture

Packet Capture profiles are configured and associated with a Multicloud Defense Gateway and enabled in Policy Rules, Network Threat Profiles, and Web Protection Profiles. A packet capture can capture traffic flows (PCAP files), and application and network threats (HAR files).

Capture File Formats

Policy Rule Capture - <bucketname>/<cspaccountname>/<gatewayname>/flow-packet- captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<policyname>.pcap.gz

IPS Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/network-threats- captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.pcap.gz

WAF Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/web-protection- captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz

API Logging - <bucketname>/<cspaccountname>/<gatewayname>/api-logging- captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz

Create Packet Capture Profile

Procedure

Step 1	Navigate to Manage > Profiles > Packet Capture.
Step 2	Click Create.
Step 3	Specify a Profile Name and Description.
Step 4	Specify a CSP Account.
Step 5	Depending on the CSP, specify the parameters for the storage bucket. For AWS, specify the S3 Bucket. For Azure, specify the Storage Account Name, Blog Container and Storage Access Key. For GCP, specify the Storage Bucket.
Step 6	Click Save.
Step 7	Add the desired Gateway Associations (refer to Add a Gateway Association).

Edit a Profile

Procedure

Step 1	Navigate to Manage > Profiles > Packet Capture.
Step 2	Check the box next to the Profile you want to Edit.
Step 3	Click Edit.
Step 4	Modify the parameters as desired.
Step 5	Click Save.

Delete a Profile

Procedure

Step 1	Navigate to Manage > Profiles > Packet Capture.
Step 2	View the Profile Details to view the Associated Gateways.
Step 3	Remove all Gateway Associations (refer to Remove a Gateway Association).
Step 4	Navigate to Manage > Profiles > Packet Capture.
Step 5	Check the box next to the Profile you want to Delete.
Step 6	Click Delete.
Step 7	Confirm the Delete operation by clicking Yes or No.

View a Profile Details

Procedure

Step 1	Navigate to Manage > Profiles > Packet Capture.
Step 2	Select the Profile link you want to view the Details.
Step 3	View the Details information.

Add a Gateway Association

Procedure

Step 1	Navigate to Manage > Gateways > Gateways.
Step 2	Check the box next the Gateway you want to associate the Profile.
Step 3	Click Edit.
Step 4	For the Packet Capture Profile parameter, select the desired Profile from the menu.
Step 5	Click Save.

Remove a Gateway Association

Procedure

Step 1	Navigate to Manage > Gateways > Gateways.
Step 2	Check the box next the Gateway you want to de-associate the Profile.
Step 3	Click Edit.
Step 4	For the Packet Capture Profile parameter, click the 'X' next to the Profile to remove it.
Step 5	Click Save.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)