Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Snorby
Home
+ new post
About this group
Join this group
View only unclassified events
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
BPendygraft  
View profile  
 More options Apr 18 2012, 4:40 pm
From: BPendygraft <bpendygr...@lloydmc.com>
Date: Wed, 18 Apr 2012 13:40:26 -0700 (PDT)
Local: Wed, Apr 18 2012 4:40 pm
Subject: View only unclassified events
Print | Individual message | Show original | Report this message | Find messages by this author
Hello,
I just installed Snorby via Security Onion, and I'm trying to figure
out how to filter out events that I have already classified.
I tried doing a search for Classification Is Not False Positive & Is
Not Policy Violation as those are the only two classifications I have
used, but it didn't return anything.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Gmail  
View profile  
 More options Apr 18 2012, 8:43 pm
From: Gmail <dustin.web...@gmail.com>
Date: Wed, 18 Apr 2012 20:43:51 -0400
Local: Wed, Apr 18 2012 8:43 pm
Subject: Re: [Snorby] View only unclassified events
Print | Individual message | Show original | Report this message | Find messages by this author
I'm not sure I understand. The main event views do not show classified events. They can all be viewed on the search results page. If you are trying to do something like 'classification_id is null' then that's a problem (from the search builder ui). It's been added to the next build of snorby but it's not ready yet. The only work around would be saving a search and doing 'classification is not x' for each.

Sorry, it will be added soon.

- Dustin

On Apr 18, 2012, at 4:40 PM, BPendygraft <bpendygr...@lloydmc.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
BPendygraft  
View profile  
 More options Apr 19 2012, 8:17 am
From: BPendygraft <bpendygr...@lloydmc.com>
Date: Thu, 19 Apr 2012 05:17:09 -0700 (PDT)
Local: Thurs, Apr 19 2012 8:17 am
Subject: Re: View only unclassified events
Print | Individual message | Show original | Report this message | Find messages by this author
Thanks for the response. I hadn't seen the Events tab, must have been
too mesmerized by all the stuff I had coming in and all the pretty.
Great to hear that feature will be coming.

On Apr 18, 8:43 pm, Gmail <dustin.web...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google