Creating a query with Network Criteria on the SMS!

Product / Version includes:

TippingPoint SMS All

Last updated: 2024/07/26

Solution ID: KA-0017159

Category: Configure , Troubleshoot , Deploy

Summary

Constructing Queries: Queries are constructed in the Events Query Pane, and the results are displayed in the Display Pane. To access the Events Query Pane, click the Events button on the Toolbar and then click Events in the Navigation pane. To display the Events screen, click the Events button on the Toolbar.

Network Criteria: The SMS can perform search queries based on single, multiple, or ranges of source and destination addresses and ports. In the source (Src Port) and destination (Dest Port), you can enter a range that uses a dash and multiple ports by separating with commas (,). To enhance searches, you can enter both types of parameters in the port field. For example, to display events with a source port of 22, 25, or between 1000 and 32000, you would enter "22,25,1000-32000". IP address fields support single entries or CIDR blocks.

Network Criteria Query Pane Fields
Section	Description
Addresses & Ports	It enables you to enter criteria for searching and displaying events. These options include the following: -Src Addr - Source IP address -Src Port - Port of the source IP address -Dst Addr - Destination IP address -Dst Port - Port of the destination IP address
Packet Trace	Indicates if the query should locate action sets with packet trace enabled: -All -Events with Packet Trace -Events without Packet Trace
VLAN ID	It enables you to enter criteria for searching and displaying events based on your VLAN ID.

Procedure:

Log in to the SMS from a client.
On the top Navigation menu, click Events.
On the Events screen, click Inspection Events in the Navigation pane.
On the Query pane, select the triangle symbol (▶) next to Network Criteria to expand this option.
In the Addresses and Ports area, enter:
- Src Addr(s) - Source IP address
- Src Port(s) - Port of the source IP address
- Dst Addr(s) - Destination IP address
- Dst Port(s) - Port of the destination IP address
When searching for source or destination IP addresses, you can:
- Enter multiple IP addresses separated by commas.
- Enter one address or a CIDR block.
- Exclude IP addresses in a CIDR block using the "!" symbol.
Select the desired entry from the Packet Trace drop-down listings.
If you want to include a VLAN ID in your search query, enter the ID in the VLAN area.
Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of rows may decrease the query processing time.
Click Refresh. The returned attack events are displayed in the List pane.
To save this query, click Save As. When prompted, enter a name for the query. The query will be displayed in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane will reset and clear the criteria fields.

Note: You are not required to complete all query fields. Complete only as many as you need to execute your query successfully.

Reference: SMS User Guide

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Creating a query with Network Criteria on the SMS!

Creating a query with Network Criteria on the SMS!

Product / Version includes:

Summary