Add option to search all sensors in PCAP interface #5343
-
|
When adding a pcap job manually through the web ui could there be an option to search all sensor nodes in the cluster? As it is I have 5 sensors and searching them independently is a slog. Or ... am I doing something wrong : ) |
Beta Was this translation helpful? Give feedback.
Answered by
dougburks
Sep 1, 2021
Replies: 1 comment
-
|
Most folks use Hunt to find the stream that they're looking for and then pivot to PCAP from there. This allows you to easily search across your entire deployment. For more information, please see https://docs.securityonion.net/en/2.3/hunt.html#context-menu. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
dougburks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Most folks use Hunt to find the stream that they're looking for and then pivot to PCAP from there. This allows you to easily search across your entire deployment.
For more information, please see https://docs.securityonion.net/en/2.3/hunt.html#context-menu.