1
00:00:01,140 --> 00:00:08,460
In this lecture I will continue explaining how to work with ELSA by filtering the results based on a

2
00:00:08,460 --> 00:00:09,270
specific value.

3
00:00:10,200 --> 00:00:15,140
So here after getting the summary based on the source IP address,

4
00:00:15,240 --> 00:00:22,290
if I want to get the records of a specific IP address I can click on the link for that IP.

5
00:00:22,290 --> 00:00:22,980
For example,

6
00:00:22,980 --> 00:00:24,240
the second one here.

7
00:00:26,010 --> 00:00:36,450
So now we see the records about this IP only and we can focus our analysis more about that one. Another

8
00:00:36,450 --> 00:00:47,670
way for doing that is just by typing manually the value of that IP in the query field as we see here,

9
00:00:48,090 --> 00:00:57,260
which was done automatically when we have clicked on the summary link. Third way for searching for the

10
00:00:57,260 --> 00:01:02,810
records of a specific entry is by using the term drop down menu.

11
00:01:02,810 --> 00:01:10,500
So here in the query field I will remove the groupby keyword

12
00:01:13,260 --> 00:01:25,620
and then from the term drop down menu I will select bro_conn and then the field source IP and then I will

13
00:01:25,830 --> 00:01:32,630
type the IP that I want to search for the record of it.

14
00:01:32,700 --> 00:01:34,770
So 10 not 100.

15
00:01:34,800 --> 00:01:46,320
And then I will click on add and we see that the bro_conn source IP was added to the query field

16
00:01:46,380 --> 00:01:55,950
for that IP and then I will hit on enter here and we see that we have gotten the same results as we

17
00:01:55,950 --> 00:02:10,520
have for the previous step. And a final way for doing that is by clicking on the link of the entity that

18
00:02:10,520 --> 00:02:14,330
we want to search for in the record itself.

19
00:02:14,330 --> 00:02:20,120
So here in the first step I will set the limit to be

20
00:02:23,100 --> 00:02:23,900
fifteen hundred

21
00:02:27,830 --> 00:02:31,250
and I will remove the groupby keyword

22
00:02:34,080 --> 00:02:45,470
and then I will change the from date to be state and then I will hit enter

23
00:02:49,470 --> 00:02:59,820
and I will search for the specific IP and I will find it on the ninth page.

24
00:02:59,930 --> 00:03:09,890
So we see this IP here so I will click on the link of that IP and then in the query field I will hit

25
00:03:09,920 --> 00:03:17,980
enter and we see that again the bro_conn source IP for that IP was added to the query field.

26
00:03:17,990 --> 00:03:22,540
So now I will hit on enter and we see that

27
00:03:22,550 --> 00:03:29,780
also we have gotten the same results.

28
00:03:29,780 --> 00:03:39,880
So now if we want to focus more on a specific record we can click on the Info link for that record.

29
00:03:41,210 --> 00:03:56,960
For example this one, and then select getPcap and enter our credentials, so the user name and the password,

30
00:03:57,020 --> 00:03:59,690
and click on submit.

31
00:04:00,080 --> 00:04:07,610
And here we see the details about this record.

32
00:04:07,610 --> 00:04:08,900
For example the

33
00:04:11,740 --> 00:04:22,690
operating system used and also the transactions done between the client which is presented in blue and

34
00:04:23,080 --> 00:04:27,840
the server which is presented in red.

35
00:04:28,000 --> 00:04:35,590
So in this lecture I have explained how to focus the analysis more based on a specific entry and how

36
00:04:35,590 --> 00:04:42,790
to display the details of a specific record using the getPcap or CapMe.

37
00:04:42,820 --> 00:04:47,620
And in the next lecture I will start explaining how to use Sguil.