Re: acid and demarc

[SkatFiend () aol com]

Kooollll, I see what you're saying, that's for the FYI.

Cliff

In a message dated 2/26/2002 12:49:04 PM Eastern Standard Time, 
rhill () xypoint com writes:


> Cliff,
>
> I don't blame you, there are parts of the UI that just aren't overly 
> obvious
> on the included features in the product.  To sort by IP from the Event 
> page,
> simply click on the Source IP or Destination IP fields to see all alerts
> triggered by the IP within the given time period.  For the 'Events' page,
> I'm pretty sure that's just the last 24 hours.  To see all alerts ever
> generated for an IP, you could either click in the Top Src or Top Dst IP's
> window in Quick Stats OR run a search based on that IP OR show all events 
> in
> the past x days, and then click on the IP you're interested in to 
> drill-down
> the result set.
>
> Ah, I just realized if you're looking for a page that allows you to drill
> down from an IP-only display (ala ACID), you're correct, and that's 
> missing.
> Sorry about that.
>
> Regards,
>
> Ryan Hill, MCSE 
> IT Ninja
> Corporate Information Systems
> TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
> v: 206.792.2276 - f: 206.792.2001
>
>
> > -----Original Message-----
> > From: SkatFiend () aol com [mailto:SkatFiend () aol com] 
> > Sent: Monday, February 25, 2002 6:40 PM
> > To: rhill () xypoint com
> > Cc: snort-users () lists sourceforge net
> > Subject: RE: [Snort-users] acid and demarc
> >
> >
> > Ok, give me a sanity check here, maybe Im over looking 
> > something basic, as I see it Demarc has IP search 
> > capabilities, but not sorting. It does organize the "events" 
> > page basied on unique alerts. However, unlike ACID where I 
> > can click and sort the hits in asending or desending IP order 
> > amongst other things, I have yet to see this ability in 
> > Demarc. If you know of a way please let me know.
> >
> > Cliff