1
00:00:01,450 --> 00:00:09,280
In this lecture I will continue explaining how to work with ELSA using more options but clearly displaying

2
00:00:09,280 --> 00:00:14,240
the summary statistics using the GROUP BY clause or keyword.

3
00:00:14,320 --> 00:00:22,480
So here in ELSA we see the field summary about the results that we have gotten where we have for example

4
00:00:22,880 --> 00:00:30,320
1 program 1 class 9 source IP addresses 85 source ports and so on.

5
00:00:31,570 --> 00:00:38,140
And if we want to display the 9 source IP addresses that are present in these records.

6
00:00:38,140 --> 00:00:47,850
I will click here and we see that a new tab appeared with 57 IP addresses with the number of records

7
00:00:48,180 --> 00:00:58,750
for each source IP and you might ask but we should have nine source IP addresses not fifty seven and

8
00:00:58,750 --> 00:01:08,710
the answer to this question is that the nine source IP addresses are for the first 100 records while

9
00:01:08,710 --> 00:01:21,970
the fifty seven source IP addresses are for the whole 1000 plus records and to be sure of that I will

10
00:01:23,150 --> 00:01:36,230
go to the first tab and then insert the or change the limit for the number of the records to be fifteen

11
00:01:36,230 --> 00:01:36,670
hundred.

12
00:01:38,540 --> 00:01:48,160
And then I will hit on Enter and we see that a new tab appeared with the source

13
00:01:48,170 --> 00:01:51,410
IP addresses to be fifty seven

14
00:01:54,260 --> 00:02:10,770
and also in the first tab we see that when we clicked on the source IP link that in the second tab

15
00:02:13,820 --> 00:02:22,640
the query field was related automatically with the group by keyword based on the source IP address.

16
00:02:23,460 --> 00:02:33,120
So this is another way for displaying the summary statistics by using the group by keyword in the query

17
00:02:33,360 --> 00:02:37,490
field also.

18
00:02:37,620 --> 00:02:42,370
There is a third way to displaying these

19
00:02:42,480 --> 00:02:49,530
summary statistics which is by using the Report On drop down menu.

20
00:02:49,560 --> 00:03:01,750
So here if I go to the first tab and then select Report On and then put a connection and then source

21
00:03:01,780 --> 00:03:07,980
IP we see that the group by keyword

22
00:03:08,310 --> 00:03:15,270
based on broken it open source IP was added to the query field and then I will hit on Enter and

23
00:03:15,270 --> 00:03:30,010
we see that a new tab pose appeared with the same results as the previous tab and also we have another

24
00:03:30,010 --> 00:03:40,330
or fourth way or final way for displaying the summary statistics which is by using the connections

25
00:03:40,420 --> 00:03:43,070
originators top link.

26
00:03:43,360 --> 00:03:57,830
And to do that I will close all the opened tabs and then I will click on this link here.

27
00:03:58,220 --> 00:04:06,260
So the connections top originators link and I will click.

28
00:04:06,260 --> 00:04:15,520
Now how do we see that we do not have any results because when we do that the date just changes back

29
00:04:15,520 --> 00:04:18,520
to be the date for the last two days.

30
00:04:18,520 --> 00:04:26,380
So I have to click on this From and then select the date to be this date.

31
00:04:26,380 --> 00:04:38,680
And also I will again change the limit to be fifteen hundred and I will hit on Enter again and we

32
00:04:38,680 --> 00:04:48,400
see that we have the same results based on the source IP.

33
00:04:48,640 --> 00:04:58,120
So also we see that the summary statistics displayed the number of records for each IP starting

34
00:04:58,120 --> 00:05:05,520
with the most active one or the IP that has the highest number of records.

35
00:05:05,520 --> 00:05:13,280
So the most active one and we can rearrange the order by clicking here on the count

36
00:05:16,210 --> 00:05:24,440
and also by arranging the IP addresses based on the number of records.

37
00:05:25,280 --> 00:05:33,740
So starting with the most active one we can focus our analysis on the traffic that is more suspicious

38
00:05:33,740 --> 00:05:40,150
in order to eliminate the false positives as much as we can.

39
00:05:41,690 --> 00:05:49,700
So in this lecture I have explained how to work with the group by clause or keyword in ELSA and in the

40
00:05:49,700 --> 00:05:56,450
next lecture I will explain how to filter the results more based on a specific value.