Network security analysts love to see packets, but most commercial security products don't record them; instead, they provide packet-less event messages that can leave you asking yourself, "Did that event really happen?" This talk investigates this situation and covers the history that led the speaker to start an open source project that has helped him enrich security detection events with packets as required.
OpenFPC is a packet capture framework designed to retrofit full packet data into existing external tools that generate packet-less events (think intrusion detection systems, firewalls, SIEMs, or log managers). Learn how to rapidly deploy a distributed full packet capture system using only a few commands, and then enrich other tools with it to augment your current event analysis process.