To help conserve valuable storage space in Security Analytics, the new 8.1 feature, Intelligent Capture, lets you discard packets you don’t want to retain while still indexing and enriching them, so you keep the metadata. All captured traffic is sent through the full analysis pipeline, with metadata generation, artifact extraction, and anomaly detection. Only packets deemed necessary for long-term storage are retained, optimizing available storage and easing adoption of Security Analytics.
You get all the powerful enrichment that makes Security Analytics so valuable, with more flexibility to keep only the packets you feel are truly valuable. You can create rules to determine what stays and what goes. The metadata is there for long-term analysis, but it is now more cost-effective to get started with Security Analytics, and there is a more compelling reason to use it. Like other solutions, we analyze all traffic, but we have the option to retain those packets, while other solutions don’t usually offer that ability.
Limit packet retention to activity you prioritize, and eliminate packets you don’t see as a threat.
More on Intelligent Capture in Security Analytics Documentation