The Palo Alto Networks security platform must capture traffic of detected/dropped malicious code.

An XCCDF Rule