I'm assuming you've already been through the steps in the previous posts in this series:
Introduction to Sguil and Squert: Part 1
Introduction to Sguil and Squert: Part 2
Introduction to Sguil and Squert: Part 3
In Part 3, we saw Sguil's killer feature: pulling session transcripts from the full packet captures to show an entire attack from beginning to end. In Part 4, we're going to see one of Squert's killer features: alert visualization.
Using the alerts from yesterday's demo, we display them in Squert.
Right above the alerts, we click "create" and are prompted for some options. We give the graph a name and keep the other options at their default settings.
We then click the "create" button, and a graph of the alert data is generated.
We can then click on the graph to open a larger version and see more detail.