Version: 2.4.60
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 8
RAM: 64
Storage for /: 445
Storage for /nsm: 894
Network Traffic Collection: tap
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail: Hi!
Guidelines
Replies: 1 comment 1 reply
Here's one possible reason. The default Fetch Limit for the Group Metrics section is 10 so you're only going to see the top 10 IP addresses. The default Fetch Limit for the Events table at the bottom is 100 so you're only going to see 100 events by default. The default search is likely querying thousands of logs or more. So it's quite possible that the 100 logs in the Events table just happen to be more obscure logs with different IP addresses compared to the Group Metrics section. If you click one of the IP addresses in the Group Metrics section and then click Include, then the events in the Events table should show that IP address. For more information, please see:
https://docs.security…

If that doesn't explain what you're seeing, then please provide more information including screenshots.
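The effect described in the reply above, as an added example that is not part of the original discussion and is not Security Onion's code: a top-10 aggregation over every matching log and a 100-row event fetch can share no IP addresses at all. The log records, the `source.ip` field name, the addresses and the assumption that the Events table returns the newest events first are all constructed for illustration.

```python
from collections import Counter

GROUP_FETCH_LIMIT = 10    # Group Metrics default, per the reply above
EVENT_FETCH_LIMIT = 100   # Events table default, per the reply above

def build_logs():
    """Constructed sample: 10 busy hosts (older), then 100 one-off hosts (newest)."""
    logs, ts = [], 0
    for host in range(1, 11):
        for _ in range(500):
            logs.append({"ts": ts, "source.ip": f"10.0.0.{host}"})
            ts += 1
    for host in range(1, 101):
        logs.append({"ts": ts, "source.ip": f"192.168.1.{host}"})
        ts += 1
    return logs

def group_metrics(logs, field="source.ip", limit=GROUP_FETCH_LIMIT):
    """Top `limit` values of `field`, counted over ALL matching logs."""
    return Counter(log[field] for log in logs).most_common(limit)

def events_table(logs, limit=EVENT_FETCH_LIMIT):
    """Assumption: the table shows only the newest `limit` events."""
    return sorted(logs, key=lambda log: log["ts"], reverse=True)[:limit]

def include(logs, field, value):
    """Narrow the search to one value, as clicking Include does in the reply."""
    return [log for log in logs if log[field] == value]

def shared_ips(logs):
    """IPs that appear in both the Group Metrics view and the Events table."""
    top = {ip for ip, _ in group_metrics(logs)}
    shown = {log["source.ip"] for log in events_table(logs)}
    return top & shown

if __name__ == "__main__":
    logs = build_logs()
    print("logs searched:", len(logs))
    print("IPs in both views:", shared_ips(logs))
    top_ip = group_metrics(logs)[0][0]
    narrowed = events_table(include(logs, "source.ip", top_ip))
    print("after Include:", {log["source.ip"] for log in narrowed})
```

Raising either fetch limit in the sketch, or narrowing the search first, is what brings the two views back into agreement.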