A computer system provides a method for context-based packet scanning in a computing environment. The method includes the steps of receiving a packet from a virtual machine, determining if a network flow associated with the packet exists in a context data structure, and upon determining that a context entry associated with the network flow exists in the context data structure, tagging the packet with context information included in the context entry, comparing the context information and network flow information to context and network flow criteria in one or more packet capture policies, and recording contents of the packet when the context information and network flow information match one of the one or more packet capture policies.