Configuring recording of mirrored traffic from SPAN ports

With Kaspersky Anti Targeted Attack Platform, you can save mirrored traffic from SPAN ports for investigation and detection of malicious activity within the perimeter of your corporate LAN. With mirrored traffic recording, you can perform retrospective analysis of network events and investigate the actions of hackers. Traffic is saved as dumps in PCAP format.

To save mirrored traffic from SPAN ports, you need to enable the recording of this traffic and configure the recording. You can also select network protocols from which you want Kaspersky Anti Targeted Attack Platform to extract objects and metadata when processing mirrored traffic.

Watch a video tutorial on how to configure Central Node to work with SPAN traffic through the Sensor component. You can play the video on the Help page or follow the link https://youtu.be/9whcEY-5MAs?si=lZKy1WxtTM7kXWt5.


In this section

Selecting network protocols for receiving mirrored traffic from SPAN ports

Configuring the recording of mirrored traffic from SPAN ports using the web interface
