Hey, appreciate that this is nearly a year later, but PCAP/WinPCAP/Wireshark are not what people are referring to. Perhaps the initial response isn’t clear.
What people are asking for is the ability to export the actions taken by Glasswire into some form of log, be it flat file (so it can be read by an agent like OSSEC), Syslog (preferred) or some form of API (generally least preferred). So every time Glasswire detects a malicious programme using the VirusTotal API, or detects a new device on the network via “Things”, or even just reports every IP address/port/URL that applications are communicating with.
Logs with this information in can then be ingested into SIEMs (Splunk, QRadar, OSSIM, LogRhythm, etc.) and correlated with other system information/threat intelligence sources. For instance, my last example above could be correlated against indicators of compromise obtained via various threat intelligence services.
It’s important to get the information directly from the endpoint rather than from network devices as they can be bypassed quite easily; the widespread use of TLS/SSL these days being a primary-yet-basic method.
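
The correlation step described in the post above, shown as an added example that is not part of the original post: per-application connection records from an endpoint log are matched against threat-intelligence indicators. The log line layout, the `endpointfw` tag and every indicator are constructed assumptions; GlassWire does not define this format.

```python
import ipaddress
import re

# Hypothetical key=value syslog layout (assumption; not a GlassWire format).
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) endpointfw: app="(?P<app>[^"]*)" '
    r'dst_ip=(?P<ip>\S+) dst_port=(?P<port>\d+) host="(?P<domain>[^"]*)"$'
)

# Constructed indicators (documentation address ranges and example domains).
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
IOC_DOMAINS = {"bad.example.net"}

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-05-01T10:15:02Z ws01 endpointfw: app="browser.exe" dst_ip=192.0.2.10 dst_port=443 host="www.example.org"
2024-05-01T10:15:09Z ws01 endpointfw: app="updater.exe" dst_ip=203.0.113.5 dst_port=443 host=""
2024-05-01T10:16:41Z ws02 endpointfw: app="sync.exe" dst_ip=192.0.2.44 dst_port=8443 host="cdn.bad.example.net"
this line is malformed and must be counted, not silently dropped
"""

def domain_matches(domain, iocs):
    """True if domain equals an indicator or is a subdomain of one."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def correlate(log_text):
    """Return (alerts, unparsed_count) for the given log text."""
    alerts, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # surface parser gaps instead of hiding them
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            unparsed += 1
            continue
        reasons = []
        if any(ip in net for net in IOC_NETWORKS):
            reasons.append("ip")
        if m["domain"] and domain_matches(m["domain"], IOC_DOMAINS):
            reasons.append("domain")
        if reasons:
            alerts.append({"ts": m["ts"], "host": m["host"], "app": m["app"],
                           "dst": f"{ip}:{m['port']}", "matched": reasons})
    return alerts, unparsed
```

Calling `correlate(SAMPLE_LOG)` returns the alert list and the number of lines the parser could not read; a rising unparsed count is itself worth alerting on, since it means endpoint events are reaching the SIEM without being checked.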