Packets can be found by querying the applicable header tables and data table using the unique sid/cid pair.


On Thursday, September 5, 2013, Kristy Moore wrote:
I'm really hoping someone can help me with Sguil. I've figured out how to query for alerts and export them to a CSV file (easiest format for me to use with what I'm working on), but I can't seem to find a way to match the alerts with the specific traffic (i.e. the packet) that triggered the alert on a large scale. I can obviously see the packet data from the alert screen, but I need a way to export some of that info (the IP ID would probably work). Any thoughts?

sguil - The Analyst Console for NSM
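An added example of the join the reply describes, not code from the thread or from the Sguil project: it pulls each alert together with its IP header fields (including the IP ID asked about), its TCP header row and its stored payload, keyed on the sid/cid pair, and writes the result out as CSV with MySQL's INTO OUTFILE. The table and column names (event.ip_id, tcphdr, data.data_payload) are assumed from Sguil's create_sguildb.sql schema and the date range is a constructed placeholder; check both against your own install.

```sql
-- Added example (not from the thread): one row per alert for a day's worth of
-- events, with the matching packet header and payload joined on sid/cid.
-- Assumes Sguil's MySQL schema: event holds the decoded IP header fields,
-- tcphdr/udphdr/icmphdr hold the transport header, data holds the hex payload.
SELECT
  e.sid,
  e.cid,
  e.timestamp,
  e.signature,
  INET_NTOA(e.ip_src) AS src_ip,   -- addresses are stored as INT UNSIGNED
  e.src_port,
  INET_NTOA(e.ip_dst) AS dst_ip,
  e.dst_port,
  e.ip_proto,
  e.ip_id,                         -- IP identification field of the packet
  e.ip_ttl,
  t.tcp_flags,
  t.tcp_seq,
  t.tcp_ack,
  d.data_payload                   -- raw payload bytes stored as a hex string
FROM event e
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid   -- absent for non-TCP alerts
LEFT JOIN data   d ON d.sid = e.sid AND d.cid = e.cid   -- absent if no payload stored
WHERE e.timestamp >= '2013-09-05'                       -- constructed placeholder range
  AND e.timestamp <  '2013-09-06'
ORDER BY e.timestamp, e.sid, e.cid
INTO OUTFILE '/tmp/alerts_with_packets.csv'             -- written by the MySQL server process
  FIELDS TERMINATED BY ',' ENCLOSED BY '"'
  LINES TERMINATED BY '\n';
```

For UDP or ICMP alerts, join udphdr or icmphdr the same way on (sid, cid) instead of tcphdr; the sid/cid pair is the key in every one of these tables.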