Packets can be found by querying the applicable header tables and data table using the unique sid/cid pair.

Bamm
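As an added illustration of the join Bamm describes (this is example SQL written for this note, not code from Sguil or from Bamm), the query below pulls each alert together with the IP ID from its stored packet header and the hex payload from the data table. It assumes the stock Sguil MySQL schema: an `event` table keyed on (`sid`, `cid`) that also carries the `ip_id` column, a `tcphdr` table and a `data` table keyed on the same pair, and IPs stored as unsigned integers (hence `INET_NTOA`). Check those column names against your own `create_sguildb.sql` before relying on them.

```sql
-- Example only: match Sguil alerts to the packet that triggered them
-- by joining on the unique (sid, cid) pair. Table and column names are
-- assumed from the standard Sguil schema; verify them on your install.
SELECT
    e.sid,
    e.cid,
    e.timestamp,
    e.signature,
    INET_NTOA(e.src_ip) AS src_ip,
    e.src_port,
    INET_NTOA(e.dst_ip) AS dst_ip,
    e.dst_port,
    e.ip_proto,
    e.ip_id,                      -- IP identification field from the alert packet
    t.tcp_flags,                  -- NULL for non-TCP alerts because of LEFT JOIN
    d.data_payload                -- packet payload stored as a hex string
FROM event AS e
LEFT JOIN tcphdr AS t
       ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN data AS d
       ON d.sid = e.sid AND d.cid = e.cid
WHERE e.timestamp >= '2013-09-01 00:00:00'   -- constructed date range for the export
  AND e.timestamp <  '2013-09-06 00:00:00'
ORDER BY e.sid, e.cid;
```

Run it with the MySQL client's `-B` (batch) output, or wrap it in `SELECT ... INTO OUTFILE '/tmp/alerts.csv' FIELDS TERMINATED BY ','`, to get the same CSV shape as the alert export but with the packet fields attached; the LEFT JOINs keep UDP and ICMP alerts in the result rather than silently dropping rows that have no `tcphdr` entry.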

On Thursday, September 5, 2013, Kristy Moore wrote:
Greetings!
 
I'm really hoping someone can help me with Sguil. I've figured out how to query for alerts and export them to a csv file (easiest format for me to use with what I'm working on) but I can't seem to find a way to match the alerts with the specific traffic (i.e. the packet) that triggered the alert on a large scale. I can obviously see the packet data from the alert screen but I need a way to export some of that info (the IP ID would probably work). Any thoughts?
 
Thanks!
Kristy 


--
sguil - The Analyst Console for NSM
http://sguil.sf.net