
PCAP Appliance Index of Packet

2015-03-28T10:42:49Z

What is indexed on the PCAP appliance?  Does the entire packet or specific parts of the packet get indexed?  The documentation is vague.

Real-time indexing
QRadar Packet Capture can produce an index automatically during packet
capture. The index can be queried with BPF-like syntax to quickly retrieve
interesting packets in a specified time interval.