When I click on 'Search', for example the last 15 mins, I see all alerts, but 'Snort event search' only allows me to search for a subset of the data. For example, I have a test rule triggering on ICMP traffic. I have the traffic I am generating by the ping command as well as network traffic being generated by running applications. I see all the alerts being created in my Barnyard logs and in Splunk when I use 'Search', but when I click on 'Snort event search', I am only able to see the traffic being generated by the running applications. None of the ping traffic I am generating is searchable in that window.
Am I missing something or is this broken?
Any help appreciated.