Snort mailing list archives

Counting Keystrokes of Sguil Users


From: "Dixon, Cheryl CTR" <Cheryl.A.Dixon1 () uscg mil>
Date: Thu, 28 Jun 2012 16:04:37 -0400

Hi:

Is there a way to count the number of times a Sguil user clicked the F8 button to change an alert's status from 'uncategorized' to 'No Further Action Required'?

I know how to count the number of records that were changed in the manner mentioned above using the event and status tables in a query where 'status.status_id=...' in a SQL SELECT statement. But that counts the number of times the event(s) went to an F8 status (for example, within an 8 hour period), etc.

What I want to know is if there is a way to determine, within (for example) the same 8 hour period, how many times a Sguil user clicked the F8 key to flag a new event for a status change of F8 ('No Further Action Required').

If so, what Sguil databases and tables can be queried? Where are they located within the software?


Thanks.  Any help is greatly appreciated.

Cheryl Dixon
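A query along the lines of what the post asks for, added here as an example that is not from the original post or from the Sguil project. It assumes Sguil's default MySQL schema, in particular that the history table (sid, cid, uid, timestamp, status, comment) records one row per event per status change and that user_info (uid, username) maps uid to the analyst; the F8 status_id is a placeholder to be looked up in the status table.

```sql
-- Added example, not from the original post or from Sguil itself. Assumes
-- Sguil's default MySQL schema: history(sid, cid, uid, timestamp, status,
-- comment) gets one row per event per status change, and user_info(uid,
-- username) maps uid to the analyst. Confirm with DESCRIBE history; and
-- DESCRIBE user_info; before relying on either.

-- Placeholder: the status_id for 'No Further Action Required' (F8) must be
-- looked up in the status table; do not trust the value written here.
SET @na_status = 1;                    -- assumed; confirm: SELECT * FROM status;
SET @start = '2012-06-28 08:00:00';    -- constructed 8-hour window
SET @end   = '2012-06-28 16:00:00';

-- 1) Events moved to the F8 status per analyst. One row per event, so this
--    matches a count against event.status and over-counts keystrokes when an
--    analyst selects several alerts and presses F8 once.
SELECT u.username,
       COUNT(*) AS events_set_to_na
FROM history h
JOIN user_info u ON u.uid = h.uid
WHERE h.status = @na_status
  AND h.timestamp >= @start AND h.timestamp < @end
GROUP BY u.username;

-- 2) Approximate keystrokes. Events changed by one F8 press are logged with
--    the same uid and a timestamp to the same second, so each distinct
--    (uid, timestamp) pair is treated as one press. This is an approximation,
--    not a keystroke log: two genuine presses within one second collapse to one.
SELECT u.username,
       COUNT(DISTINCT h.timestamp) AS approx_f8_presses,
       COUNT(*)                    AS events_affected
FROM history h
JOIN user_info u ON u.uid = h.uid
WHERE h.status = @na_status
  AND h.timestamp >= @start AND h.timestamp < @end
GROUP BY u.username
ORDER BY approx_f8_presses DESC;
```

The gap between events_affected and approx_f8_presses is the bulk-reclassification the post describes, where a count against the event table alone cannot tell one press from many.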
