Question:

Ahmed needs visibility into connection attempts through a firewall because he believes that a TCP handshake is not properly occurring. Which of the following describes a security information and event management (SIEM) capability that is BEST suited to troubleshoot this issue?

A. Packet capture.

Explanation:

When troubleshooting TCP handshakes, the most valuable tool in many cases is packet capture. If Ahmed sees a series of SYN packets without the handshake being completed, he can be reasonably sure the firewall is blocking traffic. Reviewing reports or logs may be useful for this as well but won’t show the TCP handshake issue mentioned in the problem, and sentiment analysis is focused on how individuals and groups are responding, not on a technical problem.
