It was my understanding that Junos SRX 11.4 supported the feature to enable packet captures of IDP events
You can edit the IDP policy and on the notification field run a pre and post attack PCAP
JTAC have told me this is supported on branch devices... I've questioned this, but been told it's supported
Does anyone know any more information on this?
Failing the above, what's the best tool for reporting IDP events and what triggered them?
I am setting this up on my lab as soon as I can but I have a couple of other labs to run first.
Send me an email and we can confirm this.
Interesting, this KB would suggest that it is only available on the high end SRX
"Note: This feature is only supported on high-end SRX platforms i.e. SRX1400, SRX3400, SRX3600, SRX5600, SRX5800."
These IDP events can be captured on STRM.
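The pre/post-attack packet capture asked about in the original question, as an added configuration example that is not from any post in this thread or from Juniper's own documentation. The command syntax is recalled from Junos SRX IDP configuration and should be checked against your release; LAB-POLICY, R1 and the 192.0.2.x addresses are placeholders, and, as the KB note above states, packet-log is a high-end SRX feature. Lines beginning with # are comments for the reader, not configuration.

```junos
# Added example (not from the thread). Syntax recalled from Junos SRX IDP
# configuration; verify against your release. Names and addresses are placeholders.
# Per the KB quoted above, this is only supported on high-end SRX platforms.

# 1. Where captures go: the IDP sensor ships the PCAP to a collector
#    (e.g. an STRM host) rather than storing it on the box.
set security idp sensor-configuration packet-log source-address 192.0.2.1
set security idp sensor-configuration packet-log host 192.0.2.50 port 2050
set security idp sensor-configuration packet-log max-sessions 10
set security idp sensor-configuration packet-log total-memory 10

# 2. In the IDP policy rule, the "then notification" field is where packet-log
#    lives: pre-attack = packets kept before the match, post-attack = after it,
#    post-attack-timeout = seconds to keep capturing after the match.
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 match from-zone untrust to-zone trust
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 match application default
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 match attacks predefined-attack-groups "Critical - All"
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 then action drop-packet
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 then notification log-attacks
set security idp idp-policy LAB-POLICY rulebase-ips rule R1 then notification packet-log pre-attack 10 post-attack 10 post-attack-timeout 5

# 3. Activate the policy, then confirm it compiled and that packet-log counters move
#    when an IDP event fires in the lab.
set security idp active-policy LAB-POLICY
commit

run show security idp status
run show security idp counters packet-log
```

If the commit is accepted but the packet-log counters never increment on a branch SRX, that is consistent with the KB note above rather than a configuration error.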