Cisco Support Community
New Member

Including a packet decode with signature alarm

Is there a way to include the first 64 bytes of a packet in the alarm message for a particular signature?

3 REPLIES
Gold

Re: Including a packet decode with signature alarm

You can include the entire trigger packet by adding the 'produce verbose alert' action to a signature. Specific engines include a certain amount of "contextual" data but it's not documented which do and how much.

New Member

Re: Including a packet decode with signature alarm

That's great, thanks. For packet capture I can use "IP logging".

Mike j

Gold

Re: Including a packet decode with signature alarm

Or you can add the 'log pair packets' action to a specific signature. The caveat, however, is that the capture starts with the trigger packet.
