Security Analytics has a feature that allows you to import any PCAP into the appliance for analysis. Is it possible to delete a PCAP that has already been imported?
Unfortunately, there is no way to delete imported PCAPS (even via CLI) until the data is overwritten. Regardless of the timestamps of the PCAP packets themselves, the data is considered captured at the time of import. However long it takes to overwrite their data, it will remain. The only way to delete the data is to wipe all data. For example, if your slot chain window is May 5 – 10 and you import a PCAP on May 7th, regardless of the timestamps in the PCAP, it will get overwritten at the same time the other May 7th data gets overwritten.
Future versions may have the option for Selective PCAP deletion, but this has not yet been released, as of 8.0.3.