Every incident response team has dealt with the nightmare situation where a third party says "we have an incident - and it came from your network." Third-party notifications are no fun to deal with. You're effectively starting from "something happened, but we have limited (if any) IOCs." It gets *so much worse* when the team investigates but concludes you were in fact *not* the source of the incident.
In this webcast, Jake walks you through how packet capture assists in addressing third-party notifications. Whether you end up proving the negative or quickly confirming that the notification is legitimate, *indexed* packet capture rapidly moves you from notification to triage to response.