Open Tomligit opened 6 years ago
I want to know what the output path of rwcut, rwstats, and rwcount is.
FlowBAT outputs CSVs upon request.
If you're looking for the path to the temporary RWF files that are created on each execution, please go to the top right of FlowBAT and see "SiLK Server Configuration" followed by "Temporary Storage Directory" within.
If this is a SiLK specific question and not FlowBAT, let me know.
I know that the output path is /tmp/@_id.rwf. But I don't know the output path of rwcut, rwstats and rwcount. It doesn't show that. I did not find a flow data anomaly detection module in this program. I think it's a good idea to add a suitable cap to your flow data. It is better to predict normal data and compare it with current data, which can help me identify abnormal data. I want to set an alert value for my flow data to find abnormal invasion. But I can't find the data of rwcount. It only shows that data = chartWrapper.getDataTable(). I want to figure out the sources of data for the chart and tables. Maybe it's an array, file or database.
I don't know that FlowBAT alone will meet your needs on that. The dashboard of FlowBAT can manage some degree of what you mention, but if you want robust alerting, you might want to investigate using SiLK directly from the command line. FlowBAT can assist in helping to generate the queries. Also check out the "SiLK Analysis Pipeline" by CERT NetSA. It will have more of the options that you're probably looking for if your goal is to gradually move this data around based on specific desired input/output. I believe it has mechanisms for SIEM output/forwarding or specific alerting events.
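An added example, not part of the original thread and not FlowBAT or SiLK code: one way to do the baseline-versus-current alerting discussed above on rwcount text output captured from the command line. The sample rows are constructed, and the function names, the six-bin baseline window, the k multiplier and the hard_cap parameter are assumptions.

```python
import statistics
from datetime import datetime

# Constructed sample in rwcount's pipe-delimited text layout (not real traffic).
SAMPLE = """\
               Date|        Records|               Bytes|          Packets|
2024/01/01T00:00:00|         120.00|          1500000.00|          2100.00|
2024/01/01T00:05:00|         115.00|          1450000.00|          2050.00|
2024/01/01T00:10:00|         130.00|          1600000.00|          2200.00|
2024/01/01T00:15:00|         125.00|          1550000.00|          2150.00|
2024/01/01T00:20:00|         118.00|          1480000.00|          2080.00|
2024/01/01T00:25:00|         122.00|          1520000.00|          2120.00|
2024/01/01T00:30:00|         127.00|          1580000.00|          2180.00|
2024/01/01T00:35:00|         940.00|          9800000.00|         15500.00|
2024/01/01T00:40:00|         119.00|          1490000.00|          2090.00|
"""

def parse_rwcount(text):
    """Parse rwcount text output into dicts keyed by lower-cased column name."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = [h.strip().lower() for h in lines[0].rstrip("|").split("|")]
    rows = []
    for ln in lines[1:]:
        cells = [c.strip() for c in ln.rstrip("|").split("|")]
        if len(cells) != len(header):
            continue  # skip truncated or malformed lines
        row = dict(zip(header, cells))
        row["date"] = datetime.strptime(row["date"], "%Y/%m/%dT%H:%M:%S")
        for col in header[1:]:
            row[col] = float(row[col])
        rows.append(row)
    return rows

def find_anomalies(rows, field="bytes", baseline_bins=6, k=3.0, hard_cap=None):
    """Return (date, value, limit) for bins above baseline mean + k*stdev or above hard_cap."""
    baseline = [r[field] for r in rows[:baseline_bins]]
    if len(baseline) < 2:
        raise ValueError("need at least two baseline bins")
    limit = statistics.mean(baseline) + k * statistics.stdev(baseline)
    alerts = []
    for r in rows[baseline_bins:]:
        # Alert on a statistical outlier, or on a fixed cap when one is set.
        if r[field] > limit or (hard_cap is not None and r[field] > hard_cap):
            alerts.append((r["date"], r[field], limit))
    return alerts

if __name__ == "__main__":
    for when, value, limit in find_anomalies(parse_rwcount(SAMPLE)):
        print(f"ALERT {when.isoformat()} bytes={value:.0f} limit={limit:.0f}")
```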
thanks
I'm a newcomer and I'm learning FlowBAT. I only know that the rwcut output is a document whose file extension is .csv. But I can't find it. I want to know the path of the output data. I can't find it in table.js and chart.coffee. I need your help. Can you tell me where the output data is?