Given an IP, I need to find every endpoint it has communicated with and every conversation they had (captured across all devices).
Basically something like this.... Given the IP address 1.1.1.1:
src - dst - device - date
1.1.1.1 - 2.2.2.2 - router1 - 01/01/14 2:00 pm
1.1.1.1 - 2.2.2.2 - router2 - 01/01/14 2:00 pm
1.1.1.1 - 3.3.3.3 - router1 - 01/05/14 8:30 am
<and so on>
I'll have multiple source IPs I need to find this information for. I'm fine with extra information as long as I can manipulate it to remove it... which brings me to a second question:
How do I manipulate search results... specifically, if I want to pull data from the Top X endpoints to sort or manipulate in some other way, how do I do that? Can I see the raw data tables somewhere or export this information to txt/csv/excel/access or anything like that?