The correct answer is B. The Security Gateway sends a packet capture file along with the log file. The former can be analyzed with an external tool, such as Wireshark. Packet Capture is a tracking enhancement used when logs alone are not enough to understand the traffic that triggered a security event. Check Point documentation explains that Packet Capture lets administrators capture network traffic and that the packet-capture content provides greater insight into the traffic that generated the log. When this feature is activated, the Security Gateway sends a packet-capture file with the log to the Log Server.
This is especially useful for IPS and Threat Prevention troubleshooting because analysts can inspect payload structure, headers, protocol behavior, retransmissions, and exact traffic context behind a prevention or detection event. Packet captures can then be opened in external protocol-analysis tools such as Wireshark for deeper investigation. Option A is incorrect because Packet Capture is not specifically an XDR visualization feature. Option C is unrelated to tracking and describes a timeout-style behavior. Option D describes threshold/reset logic, not packet evidence collection. Reference topics: Packet Capture Track option, Logs & Monitor, Threat Prevention event analysis, IPS troubleshooting, packet-level evidence.