jasonish
commented
8 years ago Yes, I think I'll be adding first class support for dumpy. I once had it, but lost it in the rewrite to angular2.
I'm looking at adding a "Flow" panel to the event detail view that shows the flow for the particular event. From there, a quick link to download the entire flow.
inliniac
It would be nice to have a direct link to a dumpy generated pcap, instead of first opening the dumpy web page. Perhaps some sane defaults about the timerange can be used.
Additionally, if flow/netflow records are enabled perhaps it's possible to correlate them with the alert record, and pass the (net)flow start/end times to dumpy as the duration.