Thank you for your reply. I just thought that a whole folder of different PCAPs that are proven attacks would trigger more events. Here's a little more info:
Data inputs monitors a file /var/log/snort/alert
Source Type: Manual, snort
Event types: these basically search the classification of the alerts. I'm currently only getting network trojans and the snort-alert (of course). I'm thinking my data may just simply be limited:
- snort-alert
- snort_dos
- snort_exploit
- snort_information_leak
- snort_login
- snort_potentially_bad
- snort_privilege_gain
- snort_scan
- snort_trojan