Squert - Summary tab not working with Countries based filter
162 views
Skip to first unread message
bug...@gmail.com
Feb 18, 2016, 12:18:27 PM2/18/16
to security-onion
Hi again,
Just noticed something on the Squert summary page which doesn't seem right.
- I have cleared all my RT queue in the EVENTS tab (not sure it makes a difference, but that's my current status)
- I go to the Summary tab
- I set my timeline from 1st Jan 2015 to 18th Feb 2016, to be sure I get the full timeline
- I click on either a SOURCE or DESTINATION IP and add it to "SRC or DST" filter
- There is no events being displayed
This works if you create a filter on IP, port, Signatures, but not on Countries
It does work in the Event tab, but not on the summary tab.
Thanks.
Bugs.
Doug Burks
Feb 18, 2016, 2:01:21 PM2/18/16
to securit...@googlegroups.com
On Thu, Feb 18, 2016 at 12:18 PM, <bug...@gmail.com> wrote:
> Hi again,
>
> Just noticed something on the Squert summary page which doesn't seem right.
>
> - I have cleared all my RT queue in the EVENTS tab (not sure it makes a difference, but that's my current status)
> - I go to the Summary tab
> - I set my timeline from 1st Jan 2015 to 18th Feb 2016, to be sure I get the full timeline
> - I click on either a SOURCE or DESTINATION IP and add it to "SRC or DST" filter
Assuming you meant SOURCE or DESTINATION *Country* instead of IP, then
> Hi again,
>
> Just noticed something on the Squert summary page which doesn't seem right.
>
> - I have cleared all my RT queue in the EVENTS tab (not sure it makes a difference, but that's my current status)
> - I go to the Summary tab
> - I set my timeline from 1st Jan 2015 to 18th Feb 2016, to be sure I get the full timeline
> - I click on either a SOURCE or DESTINATION IP and add it to "SRC or DST" filter
yes, I can duplicate this:
https://github.com/Security-Onion-Solutions/security-onion/issues/868
--
Doug Burks
bug...@gmail.com
Feb 18, 2016, 3:08:17 PM2/18/16
to security-onion
Yes, This is what I meant :)
Reply all
Reply to author
Forward
0 new messages