////////////////////////
// CEREBUS Tips
////////////////////////
////////////////////
// Cerebus Hints:
////////////////////
-In the upper right corner of the screen are indicator toggles for the
collapse modes. To toggle a collapse mode just reselect it.
-The sort order is a stack. It gets reset when you sort by (E)vent.
-You can see the sort stack indicator in the upper right next to the
collapse indicators.
-The (E)xpand command will clear all collapsing. All the records
will be ungrouped as you page through the data.
-If you accidentally deleted some records, you can re-merge the
files you loaded earlier. Cerebus will tell you how many records
it restored. It automatically weeds out duplicate event IDs.
-If you are analyzing live files that Snort is still writing to, you can
re-merge the files to pick up the records written since the last load.
-Rotating alert files daily/weekly seems to be a nice way
to manage datasets.
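The re-merge behaviour described in the hints above (records keyed on event ID, duplicates dropped, a count of what was actually restored or added) is worth seeing end to end. The following is an added illustration, not Cerebus's own code: the "event_id|sid|src|dst|msg" line format, the AlertRecord fields and the sample file contents are all constructed stand-ins for whatever Snort alert layout Cerebus really reads.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class AlertRecord:
    """One alert record. The field set is a constructed stand-in, not Cerebus's layout."""
    event_id: int   # assumed unique per record; the merge is keyed on it
    sid: int
    src: str
    dst: str
    msg: str


def parse_alert_line(line: str) -> AlertRecord:
    """Parse one constructed 'event_id|sid|src|dst|msg' line (assumed format)."""
    event_id, sid, src, dst, msg = line.rstrip("\n").split("|", 4)
    return AlertRecord(int(event_id), int(sid), src, dst, msg)


def merge_alert_file(dataset: Dict[int, AlertRecord], lines: Iterable[str]) -> int:
    """Merge alert lines into the dataset, keyed on event ID.

    Returns how many records were actually added. Lines whose event ID is
    already loaded are skipped, so merging the same file twice is a no-op,
    re-merging after an accidental delete restores exactly the missing
    records, and re-merging a live file that has grown picks up only the
    newly appended records.
    """
    added = 0
    for line in lines:
        if not line.strip():          # tolerate blank/partial trailing lines
            continue
        rec = parse_alert_line(line)
        if rec.event_id in dataset:   # duplicate event ID: weed it out
            continue
        dataset[rec.event_id] = rec
        added += 1
    return added


def delete_records(dataset: Dict[int, AlertRecord], event_ids: Iterable[int]) -> int:
    """Drop the given event IDs from the dataset; returns how many were removed."""
    removed = 0
    for eid in event_ids:
        if dataset.pop(eid, None) is not None:
            removed += 1
    return removed


# Constructed sample "alert file" contents (not real Snort output).
ALERT_FILE_V1: List[str] = [
    "1|1000001|10.0.0.5|10.0.0.1|CONSTRUCTED example alert A",
    "2|1000002|10.0.0.6|10.0.0.1|CONSTRUCTED example alert B",
    "3|1000001|10.0.0.7|10.0.0.1|CONSTRUCTED example alert A",
]
# The same file later, after the sensor appended one more record.
ALERT_FILE_V2: List[str] = ALERT_FILE_V1 + [
    "4|1000003|10.0.0.8|10.0.0.1|CONSTRUCTED example alert C",
]


def demo() -> Tuple[int, int, int, List[int]]:
    """Walk through load, accidental delete, restore-by-re-merge and live re-merge."""
    dataset: Dict[int, AlertRecord] = {}
    first_load = merge_alert_file(dataset, ALERT_FILE_V1)     # 3 records loaded
    delete_records(dataset, [2])                              # oops, deleted one
    restored = merge_alert_file(dataset, ALERT_FILE_V1)       # only event 2 comes back
    new_live = merge_alert_file(dataset, ALERT_FILE_V2)       # only event 4 is new
    return first_load, restored, new_live, sorted(dataset)


if __name__ == "__main__":
    print(demo())
```

The point of keying on event ID rather than on the record's contents is visible in the sample: events 1 and 3 share the same signature and message but are distinct events and both survive, while re-loading the identical file adds nothing.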
////////////////////
// Cerebus Caveats:
////////////////////
-Cerebus is not perfect. It's just zippy. If it crashes on you,
you have either found a bug (and you should tell me) or you
need more memory :-). (It will give a diagnostic in this case.)
////////////////////
// Mandatory Commercial Content:
////////////////////
-dr is available for IDS consulting and analysis and system
projects. Cerebus is available for custom implementation
integration. More toys under construction. Since Sourcefire
hasn't recently been farming out any more remote development
work now that they have a full team in-house in MD, I am
actively seeking development and consulting contracts
until I get busy with my conference preparations again.
cheers,
--dr
--
dr@dursec.com pgp: http://dragos.com/dr-dursec.asc
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002
Aardvarks Kick Ass