Certain policies can be configured to capture traffic that matches a policy criteria, content scan signature, or any other detection logic for later analysis. To learn more, see About Traffic Capture. Captured traffic is stored in an Amazon S3 bucket. Your organization must have an S3 bucket configured to store traffic capture data. To learn more about Amazon S3, refer to the Amazon S3 documentation.

To configure Traffic Capture:

1. Go to Administration > Traffic Capture.
2. Click Enable Traffic Capture.
3. In the AWS S3 Settings section, enter the necessary information to connect your organization's S3 bucket to Zscaler. After you have entered the information, you can click Test Connection to verify the status of the connection.

See image.

3. In the Per Occurrence Limits section, you can specify the storage limit and sampling rate for each instance when traffic capture occurs.

See image.

4. Click Save.
5. For the following policies that allow Traffic Capture, you can enable the Capture option:
   • Advanced Threat Protection
   • File Type Control
   • Firewall Filtering
   • DNS Filtering
   • IPS Control
   • Malware Protection
   • URL Filtering
6. Click Save and activate the change.