TOPIC: Flow Tagger usage

Flow Tagger usage 8 years 7 months ago #3993

  • Tony Gamby
How can one retrieve all the flows that generated a severity 1 alert?

The web docs suggest flow taggers, but can anyone help specifically? The use case is the following: I want to get a list of all flows that generated a severity 1 alert, preferably in a report format such as PDF, TSV, or XLSX.

TIA

Flow Tagger usage 8 years 6 months ago #4003

Hi,

Can you check if the flow tagger called IDS is enabled? That should tag all flows that generated an alert of any priority.

If you want only Priority 1 alerts, do the following.

1. Create a new flow tagger: Tools > Flow Tagger > Manage > Create New Flow Tagger

2. Give it the Tagger name "Priority 1 Alert Flows" and the Tag: PRIO1 (the tag must be short, < 8 chars).

3. Edit Rule > Select Alert Priority > enter the Key as "sn-1" (this represents Snort priority 1 alerts).

4. Create & restart Trisul.

Now Explore Flows with tag=PRIO1 will pull up all flows with a severity 1 alert.


Hope this helps. You can also contact us by email at info at unleashnetworks if you have any further issues.
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums