Hortonworks Docs » Hortonworks Cybersecurity Platform 1.6.0 » Hortonworks Cybersecurity Platform

Hortonworks Cybersecurity Platform

Also available as:

PDF

loading table of contents...

Introduction to Metron Dashboard
- Functionality of Metron Dashboard
- Metron Default Dashboard
Customizing Your Metron Dashboard
Sharing the Metron Dashboard
Triaging Alerts
Using PCAP

Filtering pcap Data

You can search or filter the pcap data using a command line tool.

Fixed Filter Option
The fixed filter option uses a small set of parameters to query the PCAP data. For example, the filter can specify the IP Source Address (ip_src_addr) and the IP Destination Address (ip_dst_addr) in the query. The fixed filter option is prescriptive and does not allow a lot of flexibility in the query.
Query Filter Option
The query filter leverages Stellar and allows you to be more flexible as you define the parameters used by the query. This filter option uses a binary regular expression that can be run on the packet payload itself. The query filter option can produce a very large output and create multiple files populating them with the specified number of records and titling them with timestamps.

Parent topic: Using PCAP

© 2012–2019, Hortonworks, Inc.

Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.

Hortonworks.com | Documentation | Support | Community