
Security Onion Console (SOC) gives you access to our PCAP interface. This interface allows you to access your full packet capture that was recorded by Stenographer.

In most cases, you'll pivot to PCAP from a particular event in Alerts, Dashboards, or Hunt by choosing the PCAP action on the action menu.

Alternatively, you can go directly to the PCAP interface, click the blue + button, and then put in your search criteria to search for a particular stream. Security Onion will then locate the stream and render a high-level overview of the packets.

If there are many packets in the stream, you can use the LOAD MORE button, Rows per page setting, and arrows to navigate through the list of packets. You can drill into individual rows to see the actual payload data. There are buttons at the top of the table that control what data is displayed in the individual rows. By disabling Show all packet data and HEX, we can get an ASCII transcript.

You can select text with your mouse and then use the context menu to send that selected text to CyberChef, Google, or other destinations defined in the actions list. You can send all of the visible packet data to CyberChef by clicking the CyberChef icon on the right side of the table header.
