Re: [Sguil-devel] Sguil - Packet Analysis
From: Bamm V. <bam...@gm...> - 2013-09-07 01:21:58
Packets can be found by querying the applicable header tables and data table using the unique sid/cid pair.

Bamm

On Thursday, September 5, 2013, Kristy Moore wrote:
> Greetings!
>
> I'm really hoping someone can help me with Sguil. I've figured out how to
> query for alerts and export them to a csv file (easiest format for me to
> use with what I'm working on) but I can't seem to find a way to match the
> alerts with the specific traffic (i.e. the packet) that triggered the alert
> on a large scale. I can obviously see the packet data from the alert screen
> but I need a way to export some of that info (the IP ID would probably
> work). Any thoughts?
>
> Thanks!
> Kristy
>
> --
> sguil - The Analyst Console for NSM
> http://sguil.sf.net
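A concrete form of the sid/cid join Bamm describes, added here as an example and not taken from the thread or from the Sguil project; it assumes Sguil's MySQL schema as created by create_sguildb.sql (an `event` table holding the alert plus IP header fields such as `ip_id`, a `tcphdr` table for TCP header fields, and a `data` table with the hex-encoded payload in `data_payload`), so check the column names against the schema shipped with your Sguil version before relying on it.

```sql
-- Added example: export alerts together with the packet that fired them,
-- joined on the unique (sid, cid) pair. Table and column names are assumed
-- from Sguil's create_sguildb.sql; verify them on your own install.
-- For UDP or ICMP alerts join udphdr / icmphdr instead of tcphdr.
SELECT
    e.sid,
    e.cid,
    e.timestamp,
    e.signature,
    INET_NTOA(e.src_ip) AS src_ip,     -- stored as INT UNSIGNED in Sguil
    INET_NTOA(e.dst_ip) AS dst_ip,
    e.src_port,
    e.dst_port,
    e.ip_proto,
    e.ip_id,                           -- the IP ID field the question asks for
    e.ip_ttl,
    t.tcp_flags,
    t.tcp_seq,
    t.tcp_ack,
    d.data_payload                     -- hex string; decode client-side
FROM event e
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid   -- NULL for non-TCP alerts
LEFT JOIN data   d ON d.sid = e.sid AND d.cid = e.cid   -- NULL if no payload was logged
WHERE e.timestamp BETWEEN '2013-09-01 00:00:00' AND '2013-09-05 23:59:59'
  AND e.signature LIKE 'ET %'          -- constructed filter; narrow as needed
ORDER BY e.timestamp, e.sid, e.cid
INTO OUTFILE '/tmp/sguil_alerts_with_packets.csv'      -- written on the DB host; needs FILE privilege
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
LINES TERMINATED BY '\n';
```

Because `event` in Sguil is a MERGE table over the per-sensor, per-day tables, querying it directly covers every sensor; if you cannot use INTO OUTFILE, run the same SELECT through the mysql client with `--batch` and redirect to a file instead.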