Hortonworks Cybersecurity Platform 1.6.1
Filtering pcap Data
You can search or filter the pcap data using either a command line tool or a REST API.
Query pcap Data Using the Fixed Filter Option
You can search or filter the PCAP data by packet header using the fixed filter command line tool.
Query pcap Data Using the Query Filter Option
You can search or filter the PCAP data using a binary regular expression that is run on the packet payload itself. The query filter option can produce very large output, so it creates multiple files, populating each with the specified number of records and titling each with a timestamp.
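The two filter styles described above, as an added Python example that is not Metron code: a fixed filter compares parsed header fields, a binary regular expression is run on the raw payload bytes, and matches are split into files by record count. The packets are constructed, and the field names, function names and output file naming are assumptions for illustration.

```python
import re, socket, struct

def build_packet(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def parse(frame):
    """Return (header fields, TCP payload) for an Ethernet/IPv4/TCP frame."""
    tcp = 14 + (frame[14] & 0x0F) * 4            # Ethernet header + IP header length
    src, dst = (socket.inet_ntoa(frame[o:o + 4]) for o in (26, 30))
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4        # TCP header length in bytes
    hdr = {"ip_src_addr": src, "ip_dst_addr": dst, "ip_src_port": sport,
           "ip_dst_port": dport, "protocol": frame[23]}   # assumed field names
    return hdr, frame[tcp + data_off:]

def fixed_filter(packets, **fields):
    """Keep packets whose header fields all equal the requested values."""
    return [(ts, f) for ts, f in packets
            if all(parse(f)[0][k] == v for k, v in fields.items())]

def payload_filter(packets, pattern):
    """Keep packets whose payload matches a bytes regex (no text decoding)."""
    rx = re.compile(pattern, re.DOTALL)
    return [(ts, f) for ts, f in packets if rx.search(parse(f)[1])]

def split_output(matches, records_per_file):
    """Group matches into files titled by the first record's timestamp
    (hypothetical naming scheme)."""
    out = {}
    for i in range(0, len(matches), records_per_file):
        chunk = matches[i:i + records_per_file]
        out[f"pcap-data-{chunk[0][0]}.pcap"] = chunk
    return out

# Constructed sample capture: (timestamp, frame)
PACKETS = [
    (1000, build_packet("10.0.0.5", "10.0.0.9", 40000, 80, b"GET /index.html HTTP/1.1\r\n")),
    (1001, build_packet("10.0.0.5", "10.0.0.9", 40001, 443, b"\x16\x03\x01\x00\x05hello")),
    (1002, build_packet("10.0.0.7", "10.0.0.9", 40002, 80, b"POST /login HTTP/1.1\r\n")),
    (1003, build_packet("10.0.0.7", "10.0.0.9", 40003, 443, b"\x16\x03\x03\x00\x02hi")),
]

if __name__ == "__main__":
    print([ts for ts, _ in fixed_filter(PACKETS, ip_dst_port=80)])
    print([ts for ts, _ in payload_filter(PACKETS, rb"^\x16\x03[\x00-\x04]")])
    print(list(split_output(payload_filter(PACKETS, rb"."), 3)))
```

The payload pattern in the second call matches the leading bytes of a TLS record, which a header-only filter cannot see; a broad pattern such as `rb"."` matches every packet, which is why the output is chunked.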
© 2012–2019, Hortonworks, Inc. Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.