Searching Flight Recorder Information

Defining the attributes of the flight recorder in the console is an administrative function and must be performed prior to accessing the flight recorder. However once done, the flight recorder information can be accessed and searched. To do this, simply click on Flight Recorders in the console tree.

You will be presented with the following search screen:

You can select ranges of fields for searching or simply click the Search button to view all Flight Recorders:

In this case there is one Flight Recorder in the ATTACK table in the HISTORY database. You can see the DEVICE_ID used to trigger the attack, when it was started and its status (Open meaning that it is still recording, Closed meaning that recording for the specified DEVICE_ID has been stopped).

Following this is the number of records recorded so far for the given DEVICE_ID, the reason for the trigger, the IP address, the User ID (if known), the Case Number if a case has been triggered and the Browser used at the time of the trigger.

We can deduce that someone attempted an SQL injection attack in the password field on the QwertyLogon page.