Hortonworks Cybersecurity Platform 1.5.1
Filtering pcap Data
You can search or filter the pcap data using either a command line tool or a REST API.
Query pcap Data Using the Fixed Filter Option
You can search or filter the PCAP data by the packet header with the fixed filter command line tool.
Query pcap Data Using the Query Filter Option
You can search or filter the pcap data using a binary regular expression that runs against the packet payload itself. This query filter option can produce very large output and can create multiple files, each populated with the specified number of records and named with a timestamp.
Query pcap Data Using the REST API
The REST API is an alternative to using the CLI and Stellar to query the pcap data. The purpose of this service is to provide a middle tier to negotiate retrieving packet capture data that flows into HCP. This packet data is in a form that libpcap-based tools can read. The REST API exposes the query functionality via HTTP.
© 2012–2019, Hortonworks, Inc. Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.