I run Suricata in user mode to read a Pcap file to scan for alerts. I want to find out which Pcap packets trigger an alert. I searched the Suricata documentation to find out how, but could not find anything.
I would appreciate it if someone could let me know how to find the packets that trigger an alert.
Thanks