Two related questions here. It would be nice to be able to use the search to only show impacts above a certain threshold. Are there any special tags to do this? With those results it'd be nice to be able to sort them somehow by impact, date, or one of the other columns. Can this be done or is this a planned feature? I know I can pretty much do all of the above using phpmyadmin but it would be nice to have it incorporated into the interface somehow.
But I've even run into roadblocks using phpmyadmin. Often times I receive an email for intrusions that have a value greater than 20 but when I go back to look in phpmyadmin I don't see anything. Part of the reason that I can find it that often the impact values we receive by email are combined impacts from multiple detected attacks in one request. So while I get an email with a value of 24, I'd have to know to look for three alerts of with an impact of 8. Can these be grouped somehow or is there another way to address this?