Hi, I want to dump a pcap file for each traffic flow or just dump each alert flow, rather than save all packets into one pcap. Is there any solution to do this?
Not (yet), there is the conditional pcap feature coming which would at least dump the traffic on specific types of alert. But for all flows you would need to use some sort of indexer, like stenographer.
Thank you for your answer!
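An existing capture can also be split per flow offline. The following is an added example, not part of the original thread and not code from the IDS or from stenographer: it groups the records of a classic pcap file by bidirectional 5-tuple, assuming Ethernet/IPv4 with TCP or UDP. The names `flow_key`, `split_pcap_by_flow` and `sample_pcap`, and the sample capture itself, are constructed for illustration.

```python
import struct
from collections import defaultdict

def flow_key(frame):
    """Bidirectional 5-tuple for an Ethernet/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    l4 = 14 + ihl
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or frag or len(frame) < l4 + 4:
        return None  # not TCP/UDP, later fragment (no ports), or truncated
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    a, b = (frame[26:30], sport), (frame[30:34], dport)
    return (proto,) + tuple(sorted((a, b)))  # same key for both directions

def split_pcap_by_flow(data):
    """Return {flow_key: pcap bytes} from a classic (non-pcapng) capture."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet linktype")
    # Every per-flow output starts with a copy of the 24-byte global header.
    flows, off = defaultdict(lambda: bytearray(data[:24])), 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        record = data[off:off + 16 + incl]
        if len(record) < 16 + incl:
            break  # truncated final record
        key = flow_key(record[16:])
        if key is not None:
            flows[key] += record
        off += 16 + incl
    return {k: bytes(v) for k, v in flows.items()}

def _frame(src, dst, proto, sport, dport):
    # Constructed sample frame: zeroed MACs and checksums, 8-byte L4 stub.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap():
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [_frame((10, 0, 0, 1), (10, 0, 0, 2), 6, 40000, 80),
              _frame((10, 0, 0, 2), (10, 0, 0, 1), 6, 80, 40000),
              _frame((10, 0, 0, 1), (10, 0, 0, 3), 17, 5353, 53)]
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

if __name__ == "__main__":
    for key, blob in split_pcap_by_flow(sample_pcap()).items():
        print(key, len(blob), "bytes")
```

Each value in the returned dictionary is a complete pcap file and can be written to disk as-is; pcapng input, VLAN tags and IPv6 are outside what this example handles.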