Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Traffic Capture

Seamless, cloud-based packet capture for security incident investigations, forensics, and threat detection enhancements.


Easily capture decrypted traffic via specific criteria within Zscaler policy engines - supporting efficient security forensics without requiring additional appliances.

Why it Matters

Access to past traffic content is a must-have

To conduct deep forensic analysis, investigate incidents, review issues that trigger false positives, test new threat signatures against known threat activity, and ensure regulatory compliance, security practitioners and threat researchers need access to traffic that has traversed the Zscaler Zero Trust Exchange™ platform.


Reduce time, effort, and cost to capture traffic content

Cut down cost and complexity

Decrypt and capture traffic content without a legacy appliance-based solution, saving countless hours and expenditures.

Reduce infrastructure and bandwidth cost

Define policy-level criteria to capture only content associated with risky events, rather than all content, avoiding further added costs.

Safeguard data

Securely store PCAP files in your preferred external storage.

What’s Inside

Get secure and seamless access to traffic content

Zscaler Traffic Capture enables you to incorporate capture decisions into existing policies across URL filtering, malware protection, advanced threat protection, firewall and IPS control, DNS control, and file type control.

By defining granular policies and rules for capturing specific traffic content, you can concentrate on packets and full content related to risky events identified by advanced threat and malware detection signatures, threat intelligence, AI/ML as well as flexible and specific policy controls.

Use cases

Better security forensics


Capture some traffic for extended periods to support threat hunting and many forensic/incident response investigation needs

Investigate incidents

Study and replay traffic that might have caused a threat signature or other detection to trigger a false positive

Appraise threat signatures

Test new threat signatures or detections of any kind against known threat activity in real traffic content

Comply with regulations

Capture traffic content to comply with regulatory compliance requirements

Zscaler Traffic Capture

Take the next step

Let our experts show you what Zscaler Traffic Capture can do.