-
|
Hi, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
They are in steno format. You can covert them to PCAP either via the GUI front end (Via Dashboard/Alerts/Ect) Or you can use: so-pcap-export You would need to know a bit about the pcap you are exporting, using stenoquery (info like x Hours/minutes before, X hours/minutes after, or hard dates. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your quick reply. |
Beta Was this translation helpful? Give feedback.
-
|
Dont think you can, but recommend a new discussion question for the above. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, and last question, do you know where can I find the steno query language syntax? |
Beta Was this translation helpful? Give feedback.
-
|
https://github.com/google/stenographer#querying Probably the best place to get the detaisl |
Beta Was this translation helpful? Give feedback.
They are in steno format. You can covert them to PCAP either via the GUI front end (Via Dashboard/Alerts/Ect)
Or you can use: so-pcap-export
https://docs.securityonion.net/en/2.3/stenographer.html?highlight=pcap%20export
You would need to know a bit about the pcap you are exporting, using stenoquery (info like x Hours/minutes before, X hours/minutes after, or hard dates.