With Kaspersky Anti Targeted Attack Platform, you can save mirrored traffic from SPAN ports for investigation and detection of malicious activity within the perimeter of your corporate LAN. With mirrored traffic recording, you can perform retrospective analysis of network events and investigate the actions of hackers. Traffic is saved as dumps in PCAP format.
To save mirrored traffic from SPAN ports, you need to enable the recording of this traffic and configure the recording. You can also select network protocols from which you want Kaspersky Anti Targeted Attack Platform to extract objects and metadata when processing mirrored traffic.