Troubleshooting Sensor Issues

When you have an issue with sensors, contact the ThreatX SOC at support@threatx.com with a description of your issue.

Depending on the nature of the issue, the ThreatX SOC might request one of the following files.

  • HTTP Archive format file (.har). HAR files contain sensitive data, including content of the pages you downloaded while recording as including your cookies. The ThreatX SOC can use it to troubleshoot connectivity or other issues with the sensor.

  • PCAP (packet capture) file. The file contains captured network packets. The SOC requests a .pcap file only if you host your own sensors.

How to generate a HAR file

How you generate a HAR file depends on the web browser you use.

Generating a HAR file in Chrome

  1. Open Google Chrome and navigate to the page where the issue is occurring.

  2. Look for the Vertical ellipsis button and select More Tools  Developer Tools  Network

  3. Look for a Record button in the upper left corner of the tab and make sure it is red. If it is grey, click it once to start recording.

  4. Check the Preserve log box

  5. Click Clear to clear out any existing logs from the Network tab.

  6. Reproduce the issue you are experiencing.

  7. Once you have reproduced the issue, select Right Click  Save as HAR with Content

  8. Upload the HAR file as an attachment to your ThreatX support ticket for further.

Generating a HAR file in Mozilla Firefox

  1. Open Mozilla Firefox and navigate to the page where the issue is occurring.

  2. Select Mozilla Firefox Menu  Web Developer  Network

  3. The recording automatically starts when you begin performing actions in the browser.

  4. Once you have reproduced the issue and you see that all the actions have been generated in the Developer Network Panel (should just take a few seconds), Right Click  File  Save all as Har

  5. Upload the HAR file as an attachment to your ThreatX support ticket for further analysis.

Generating a HAR file in Internet Explorer

  1. Open Internet Explorer and go to the page where the issue is occurring.

  2. Press F12 on your keyboard to open developer tools. Then select Network

  3. Reproduce the issue that you were experiencing while the network requests are being recorded.

  4. Once done, click Save and give the file a .har extension.

  5. Upload the HAR file as an attachment to your ThreatX support ticket for further analysis.

Generating a HAR file in Safari

  1. Before generating the HAR file, make sure you can see the Develop menu in Safari. If it is not there, follow the instructions in Use the developer tools in the Develop menu in Safari on Mac.

  2. Open Develop  Show Web Inspector  Network  Export and save the .har file.

  3. Upload the HAR file as an attachment to your ThreatX support ticket for further analysis.

Edge natively produces HAR files. For more instructions, see the instructions from the Microsoft website. To generate a HAR file in Edge:

  1. Open the Network tool in F12 developer tools.

  2. Reproduce the issue. Upload the HAR file as an attachment to your ThreatX support ticket for further analysis.

The PCAP file is relevant only if you host your own sensors.

To generate a PCAP file that the ThreatX SOC can analyze for troubleshooting connectivity or other issues with the WAF sensor, follow these instructions:

  1. Use SSH to connect into the docker host system.

  2. Use the following command to display the name of the desired container:

$ docker exec -if txwaf \
  && apt get update \
  && apt-get install -y tabby

$ tcpdump -i eth0 \
$ tcpdump -i eth0 \
    -w /tmp/upload_to_threatx.pcap

$ docker cp \
  <container_id>:/tmp/upload_to_threatx.pcap \
  upload_to_threatx.pcap

Upload the PCAP file to a ThreatX support ticket for further analysis.