
Zscaler Traffic Capture

Seamless, cloud-based packet capture for security incident investigations, forensics, and threat detection enhancements.


Easily capture decrypted traffic via specific criteria within Zscaler policy engines - supporting efficient security forensics without requiring additional appliances.

Why it Matters

Access to past traffic content is a must-have

To conduct deep forensic analysis, investigate incidents, review issues that trigger false positives, test new threat signatures against known threat activity, and ensure regulatory compliance, security practitioners and threat researchers need access to traffic that has traversed the Zscaler Zero Trust Exchange™ platform.


Reduce time, effort, and cost to capture traffic content

Cut down cost and complexity

Decrypt and capture traffic content without a legacy appliance-based solution, saving countless hours and expenditures.

Reduce infrastructure and bandwidth cost

Define policy-level criteria to capture only content associated with risky events, rather than all content, avoiding further added costs.

Safeguard data

Securely store PCAP files in your preferred external storage.

What’s Inside

Get secure and seamless access to traffic content

Zscaler Traffic Capture enables you to incorporate capture decisions into existing policies across URL filtering, malware protection, advanced threat protection, firewall and IPS control, DNS control, and file type control.

By defining granular policies and rules for capturing specific traffic content, you can concentrate on packets and full content related to risky events identified by advanced threat and malware detection signatures, threat intelligence, and AI/ML, as well as by flexible and specific policy controls.

Use cases

Better security forensics


Capture some traffic for extended periods to support threat hunting and many forensic/incident response investigation needs

Investigate incidents

Study and replay traffic that might have caused a threat signature or other detection to trigger a false positive

Appraise threat signatures

Test new threat signatures or detections of any kind against known threat activity in real traffic content

Comply with regulations

Capture traffic content to meet regulatory compliance requirements

Our Platform

Experience the power of the Zscaler Zero Trust Exchange

A comprehensive cloud platform eliminates point products and reduces operational overhead.


Securely connects authorized users, devices, and workloads using business policies
