# neuvector-security
k
can you share a screenshot of the violation
f
Yes, @kind-church-47495 Pls consider the attached.
k
is there another rule created before that violation that should've allowed it? I don't see any in the scenario 2 screenshot maybe it's filtered
also I don't work for Rancher, I'm just curious myself
👍 1
f
@kind-church-47495 Pls check id: 2 in scenario 2 screenshot. It was the 1st rule created before the mentioned violation.
Ideally, since the connection was already allowed, the above-mentioned violation should not have occurred.
k
that is strange, I wonder if you have a packet capture, I think it's supposed to provide a packet capture for a network violation if the traffic is actually SSL traffic or something else maybe
f
As per my understanding, .pcaps are created only for network threat scenarios, not for network violations 🙂
👍 1
However, this is in fact strange.
k
yeah may have to wait for someone smarter than me:) ha
q
PCAPs can be created manually or even automagically as part of a Response Rule. 🙂
k
they can be created after the fact or has to be done prior?
q
One can only capture traffic that is currently in transit.
(just like any network packet capture 🙂 )
k
lol, that's what I figured, I read your first comment and thought maybe it was caching pcaps for a certain amount of time where you could manually get it
q
To the original issue here: I'm baffled. Sorry.
f
@kind-church-47495 hehe, it's all about learning the product. Sharing is caring 🙂
🤛 1
🤜 1
BTW, @quaint-candle-18606 Can we actually get a .pcap as a response rule? In UI, it only allows a webhook log, log suppression and quarantining as actions.
q
Sorry, I said that in a flurry of multitasking yesterday. I am ashamed. 😞
f
Ah, never mind 🙂