1
00:00:01,440 --> 00:00:06,020
In this lecture I will start explaining how to use Sguil.

2
00:00:06,420 --> 00:00:13,410
So I will click on the icon on the screen, and we see that we are being asked for our credentials

3
00:00:19,100 --> 00:00:28,010
and then we are being asked for the interfaces to be monitored, and I will select the eth1 interface

4
00:00:28,010 --> 00:00:35,510
to be monitored with Snort, and then I will click on Start Sguil, and we will see the alerts coming from

5
00:00:35,510 --> 00:00:47,870
Sguil, and we see columns like the ST column, the status of the alert, and we see here the letters RT,

6
00:00:47,870 --> 00:00:58,090
which means real time, and we see here that we have alerts with the colors red or orange.

7
00:00:58,100 --> 00:01:08,930
So this is the status of the alert, and also we see columns like the count, so the number of related

8
00:01:09,380 --> 00:01:10,860
alerts.

9
00:01:11,110 --> 00:01:22,110
And also we see the sensor, which is here eth1-1, which means Snort, and we can check for that

10
00:01:22,140 --> 00:01:24,350
if we click on the Agent Status.

11
00:01:24,590 --> 00:01:40,900
And here we see that Snort is the eth1-1, and also we see that the alerts all start with

12
00:01:40,900 --> 00:01:45,250
the number 3, which again means Snort.

13
00:01:45,580 --> 00:01:55,970
And also we see columns like the date and time, the alert ID, and the source and destination IP addresses

14
00:01:56,090 --> 00:02:12,090
and ports, and if we click on this group of alerts and then click on Show Packet Data we can see the data content

15
00:02:13,180 --> 00:02:17,880
of the packets of these alerts.

16
00:02:17,910 --> 00:02:28,740
So here we see the IP addresses, TCP and data, and if we click on Show Rule we see the Snort rule that

17
00:02:28,980 --> 00:02:33,090
triggered this group of alerts.

18
00:02:33,260 --> 00:02:41,330
And here we see that it is ET PE EXE or DLL Windows file download HTTP, and for the second group

19
00:02:41,330 --> 00:02:46,780
of alerts we see that it is a possible trojan.

20
00:02:47,960 --> 00:03:00,350
And we can guess that these two groups of events are related since they have the same count number and

21
00:03:00,470 --> 00:03:11,030
also the same timestamp and the same socket information, so the same source IP addresses and destination

22
00:03:11,030 --> 00:03:13,820
IP addresses, source and destination ports.

23
00:03:16,590 --> 00:03:30,720
And if we want to show those groups of related alerts we can click on the count column here and select

24
00:03:30,840 --> 00:03:32,210
View Correlated Events.

25
00:03:32,250 --> 00:03:44,700
And here we see that the alerts are being ungrouped, so we are seeing now the related, or those related,

26
00:03:45,480 --> 00:04:00,980
events, the 24 events, so Snort aggregated those events since they are related. So in this lecture

27
00:04:01,050 --> 00:04:08,100
I have started explaining Sguil by exploring its interface, and in the next lecture I will continue

28
00:04:08,430 --> 00:04:14,970
that explanation, specifically about how to pivot from Sguil into other tools.