Can the FireEye Splunk App provide the pcap information from an alert that occurs in FireEye? The alerts I'm looking at are the ones from Web MPS in the Communication Capture field where you can "Get pcap file". If there is a way to have that pcap available in Splunk or a way to easily pivot to the pcap from Splunk that would be excellent.