[Snort-users] acid and demarc

SkatFiend at ...661... SkatFiend at ...661...
Tue Feb 26 09:56:10 EST 2002


Kooollll, I see what you're saying, thanks for the FYI.

Cliff

In a message dated 2/26/2002 12:49:04 PM Eastern Standard Time, 
rhill at ...2446... writes:


> Cliff,
> 
> I don't blame you, there are parts of the UI that just aren't overly obvious
> on the included features in the product.  To sort by IP from the Event page,
> simply click on the Source IP or Destination IP fields to see all alerts
> triggered by the IP within the given time period.  For the 'Events' page,
> I'm pretty sure that's just the last 24 hours.  To see all alerts ever
> generated for an IP, you could either click in the Top Src or Top Dst IP's
> window in Quick Stats OR run a search based on that IP OR show all events in
> the past x days, and then click on the IP you're interested in to drill-down
> the result set.
> 
> Ah, I just realized if you're looking for a page that allows you to drill
> down from an IP-only display (ala ACID), you're correct, and that's missing.
> Sorry about that.
> 
> Regards,
> 
> Ryan Hill, MCSE 
> IT Ninja
> Corporate Information Systems
> TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
> v: 206.792.2276 - f: 206.792.2001
> 
> 
> > -----Original Message-----
> > From: SkatFiend at ...661... [mailto:SkatFiend at ...661...] 
> > Sent: Monday, February 25, 2002 6:40 PM
> > To: rhill at ...2446...
> > Cc: snort-users at lists.sourceforge.net
> > Subject: RE: [Snort-users] acid and demarc
> > 
> > 
> > Ok, give me a sanity check here, maybe I'm overlooking 
> > something basic. As I see it, Demarc has IP search 
> > capabilities, but not sorting. It does organize the "events" 
> > page based on unique alerts. However, unlike ACID where I 
> > can click and sort the hits in ascending or descending IP order 
> > amongst other things, I have yet to see this ability in 
> > Demarc. If you know of a way please let me know.
> > 
> > Cliff
> > 
> 
