StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

Feature request #58

Open espressobeanies opened 7 years ago

espressobeanies commented 7 years ago

Hi,

Not sure if this is the appropriate place for these requests, but I'd like to see a future release of Scirius allow for exporting individual rule alert data beyond the Top20 limit. Under the Suricata color wheel in the SELKS WebUI, the list of triggered rules and the hits by host, source IP, and destination IP for each rule only display the Top20 results, and I'm not able to obtain a complete list of all the IP addresses associated with a specific rule dating back to the last 7 days in Scirius or Kibana. It would also be nice to be able to export that data from each flagged rule to CSV format for further action.

Thanks!

pevma commented 7 years ago

@mars01 - which dashboard and which visualization are you referring to? I think by default you can export csv from the visualization itself.

espressobeanies commented 7 years ago

Hi Peter,

Thanks for the reply and great work with SELKS. In Scirius, under any of the Suricata rules where it provides metrics (hits by host, source IP, destination IP, rule name, references, etc.), I'm not able to find an option to export those metrics to CSV. I see you can in Kibana, but not in Scirius itself.

pevma commented 7 years ago

@mars01 - OK, you mean Scirius; I thought it was Kibana. Not yet in Scirius, but it may be a good feature request. @regit - what do you think? Should we move that request to Scirius?

espressobeanies commented 7 years ago

Yep, I see the same thing in Kibana where only the Top20 IP addresses are shown.

On Thu, Mar 2, 2017 at 4:54 AM, Peter Manev notifications@github.com wrote:

@mars01 https://github.com/mars01 - ok you mean Scirius I thought it was Kibana. Not yet in Scirius but it may be a good feature request @regit https://github.com/regit - what do you think ? should we move that request to Scirius?


pevma commented 7 years ago

The Kibana dashboards can be adjusted in terms of display length and enlarged for that matter (click "edit" in the top right corner of the Kibana dashboard and then edit the individual visualization to show more than 10/20/whatever the current limit is). For Scirius, would you please post a feature request on the Scirius GitHub repo?
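Until the visualizations are widened (or the Scirius request lands), the complete per-rule host/IP list for the last 7 days can be produced directly from Suricata's own EVE output, which has no top-N cap. The script below is an added example, not code from SELKS, Scirius or Stamus Networks; it assumes the alerts are standard Suricata EVE JSON lines (`event_type` "alert", with `timestamp`, `host`, `src_ip`, `dest_ip` and `alert.signature`), uses a handful of constructed records in place of `/var/log/suricata/eve.json`, and generalizes the request to any of those fields rather than just the three shown in the WebUI.

```python
"""Per-signature host/IP tallies over a time window, exported as CSV.

Added example for this thread; not part of SELKS or Scirius.
Assumption: input is Suricata EVE JSON, one record per line, with the
standard alert fields (timestamp, host, src_ip, dest_ip, alert.signature).
"""
import csv
import io
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real traffic). One alert is older than the
# 7-day window and one record is a flow event, so both get filtered out.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2017-03-02T04:54:00.000000+0000","event_type":"alert","host":"selks-a","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"signature":"ET POLICY Example A","signature_id":2000001}}',
    '{"timestamp":"2017-03-02T05:10:00.000000+0000","event_type":"alert","host":"selks-a","src_ip":"10.0.0.6","dest_ip":"192.0.2.10","alert":{"signature":"ET POLICY Example A","signature_id":2000001}}',
    '{"timestamp":"2017-03-02T05:12:00.000000+0000","event_type":"alert","host":"selks-b","src_ip":"10.0.0.5","dest_ip":"192.0.2.11","alert":{"signature":"ET POLICY Example A","signature_id":2000001}}',
    '{"timestamp":"2017-03-02T05:15:00.000000+0000","event_type":"alert","host":"selks-b","src_ip":"10.0.0.7","dest_ip":"192.0.2.12","alert":{"signature":"ET SCAN Example B","signature_id":2000002}}',
    '{"timestamp":"2017-02-01T00:00:00.000000+0000","event_type":"alert","host":"selks-a","src_ip":"10.0.0.9","dest_ip":"192.0.2.13","alert":{"signature":"ET SCAN Example B","signature_id":2000002}}',
    '{"timestamp":"2017-03-02T05:16:00.000000+0000","event_type":"flow","host":"selks-a","src_ip":"10.0.0.7","dest_ip":"192.0.2.12"}',
])

# Fields tallied per signature; these are the three columns the WebUI caps at 20.
FIELDS = ("host", "src_ip", "dest_ip")

# End of the reporting window for the sample data (constructed value).
UNTIL = datetime(2017, 3, 3, tzinfo=timezone.utc)


def parse_ts(ts):
    """Parse a Suricata EVE timestamp such as 2017-03-02T04:54:00.000000+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def aggregate_alerts(lines, until, window=timedelta(days=7)):
    """Return {signature: {field: Counter}} for alerts in [until - window, until].

    Every distinct value is kept; nothing is truncated to a top-N list.
    """
    since = until - window
    agg = defaultdict(lambda: {f: Counter() for f in FIELDS})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip a malformed line instead of aborting the export
        if rec.get("event_type") != "alert":
            continue
        if not (since <= parse_ts(rec["timestamp"]) <= until):
            continue
        sig = rec["alert"]["signature"]
        for f in FIELDS:
            if f in rec:
                agg[sig][f][rec[f]] += 1
    return agg


def to_csv(agg):
    """Render the aggregate as CSV text: signature, field, value, hits."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["signature", "field", "value", "hits"])
    for sig in sorted(agg):
        for f in FIELDS:
            for value, hits in agg[sig][f].most_common():
                w.writerow([sig, f, value, hits])
    return buf.getvalue()


if __name__ == "__main__":
    # For real data: open("/var/log/suricata/eve.json") and use datetime.now(timezone.utc).
    print(to_csv(aggregate_alerts(SAMPLE_EVE.splitlines(), UNTIL)))
```

Reading eve.json directly sidesteps both the visualization size limit and the Elasticsearch retention window, since the file is the record of everything Suricata emitted; for a 7-day report pass `datetime.now(timezone.utc)` as `until` and feed the rotated eve.json files in sequence.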