Distinguish between alert data (including generation tools) and previously covered NSM monitoring (including collection tools).
Example of post: ONLY AN EXAMPLE
The difference between alert data and the data collected by NSM is that alert data has been further processed by the alerting infrastructure, which appends alert information to it. The input data is largely the same for both. The first family of data consists of raw, unprocessed data: full content data, session data and additional data sources all qualify as raw data sources. The second type of network data is processed data, meaning data that has been analyzed and evaluated for suspicious behavior and indicators of compromise.
A network interface can collect full content data in promiscuous mode, which captures every packet within its broadcast domain. This data includes all layer two and layer three address information, the protocol, and the packet contents. Session data records only the highlights of a conversation: the same header fields as full content data minus the payload of the datagram/packet, that is, who from, who to, when, how, and how much. There are many ways to gather additional data for analysis, but in my experience, some of the best methods compare network data to host data.
Statistical data is generated by analyzing the other collected data to characterize normal and anomalous behavior. Alert data is derived from any of the previous data types when it triggers an alert. Alerts can be triggered by matching signatures or through heuristic analysis. Alert data consists of the trigger data with alert information appended; the alert information describes why the alert was triggered and its expected severity. Ultimately, alert data needs to be reviewed by network defenders to make decisions on network security and response actions. Defenders can also refine alerts based on previous alert experience and new threat intelligence to improve the accuracy of network alerts.
I did not mention tools like Sguil, Zeek or Suricata because defense strategy should be tool agnostic and current tools change.
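To make the data-type distinctions above concrete, here is a small tool-agnostic model of the pipeline described in the post. It is an added example, not part of the original post and not the code of any NSM tool: constructed session records (who from, who to, when, how, how much, no payload) feed a statistical baseline, are matched against a constructed signature list and a heuristic volume threshold, and each hit is emitted as alert data, i.e. the trigger record with alert information (method, reason, severity) appended. The field names, addresses, signature and `Z_THRESHOLD` are all assumptions made for illustration.

```python
"""Toy, tool-agnostic NSM alert pipeline (added example, not from the post).

Session records -> statistical baseline -> signature / heuristic matching ->
alert data (the trigger record with alert information appended).
All records, signatures and thresholds below are constructed for illustration.
"""
from dataclasses import dataclass, asdict
from statistics import mean, pstdev


@dataclass(frozen=True)
class Session:
    """Session data: who from, who to, when, how and how much, with no payload."""
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


# Constructed history of one workstation's ordinary HTTPS sessions; this is
# the "normal" from which the statistical data is derived.
BASELINE = [
    Session("2024-01-01T09:00:01", "10.0.0.5", 50990, "93.184.216.34", 443, "tcp", 1500),
    Session("2024-01-01T09:00:05", "10.0.0.5", 50991, "93.184.216.34", 443, "tcp", 1800),
    Session("2024-01-01T09:00:09", "10.0.0.5", 50992, "198.51.100.7", 443, "tcp", 1600),
    Session("2024-01-01T09:00:14", "10.0.0.5", 50993, "198.51.100.7", 443, "tcp", 1700),
    Session("2024-01-01T09:00:20", "10.0.0.5", 50994, "203.0.113.9", 443, "tcp", 1550),
    Session("2024-01-01T09:00:27", "10.0.0.5", 50995, "203.0.113.9", 443, "tcp", 1450),
    Session("2024-01-01T09:00:33", "10.0.0.5", 50996, "93.184.216.34", 443, "tcp", 1650),
    Session("2024-01-01T09:00:40", "10.0.0.5", 50997, "198.51.100.7", 443, "tcp", 1700),
]

# Constructed new sessions to evaluate: one ordinary, one matching a
# signature, one far outside the statistical baseline.
NEW_SESSIONS = [
    Session("2024-01-01T10:00:01", "10.0.0.5", 51000, "93.184.216.34", 443, "tcp", 1620),
    Session("2024-01-01T10:01:02", "10.0.0.5", 51001, "203.0.113.9", 4444, "tcp", 1400),
    Session("2024-01-01T10:02:30", "10.0.0.5", 51002, "203.0.113.10", 443, "tcp", 950000),
]

# Constructed signature: an indicator expressed as exact matches on session
# fields (a real rule set would also inspect full content data).
SIGNATURES = [
    {"name": "unexpected-tcp-4444", "match": {"proto": "tcp", "dport": 4444}, "severity": "high"},
]

Z_THRESHOLD = 3.0  # heuristic: flag sessions > 3 standard deviations above the baseline mean


def statistical_baseline(sessions):
    """Statistical data: mean and population stdev of bytes per session."""
    sizes = [s.nbytes for s in sessions]
    return mean(sizes), pstdev(sizes)


def make_alert(session, method, reason, severity):
    """Alert data = the trigger data with alert information appended."""
    return {"trigger": asdict(session),
            "alert": {"method": method, "reason": reason, "severity": severity}}


def signature_alerts(sessions, signatures=SIGNATURES):
    """Matching with signatures: every field in the rule must equal the session's."""
    alerts = []
    for s in sessions:
        for sig in signatures:
            if all(getattr(s, k) == v for k, v in sig["match"].items()):
                alerts.append(make_alert(s, "signature", f"matched {sig['name']}", sig["severity"]))
    return alerts


def heuristic_alerts(sessions, baseline, z_threshold=Z_THRESHOLD):
    """Matching through heuristic analysis: byte-volume anomalies versus the baseline."""
    mu, sigma = statistical_baseline(baseline)
    if sigma == 0:
        return []  # a flat baseline cannot support a z-score
    alerts = []
    for s in sessions:
        z = (s.nbytes - mu) / sigma
        if z > z_threshold:
            alerts.append(make_alert(s, "heuristic", f"bytes z-score {z:.1f} > {z_threshold}", "medium"))
    return alerts


def generate_alerts(sessions, baseline, suppress_dst=frozenset()):
    """Full pipeline; suppress_dst models the defender's tuning after prior review."""
    alerts = signature_alerts(sessions) + heuristic_alerts(sessions, baseline)
    alerts = [a for a in alerts if a["trigger"]["dst"] not in suppress_dst]
    return sorted(alerts, key=lambda a: a["trigger"]["ts"])


if __name__ == "__main__":
    for a in generate_alerts(NEW_SESSIONS, BASELINE):
        t, info = a["trigger"], a["alert"]
        print(f"{t['ts']} {t['src']}:{t['sport']} -> {t['dst']}:{t['dport']} "
              f"[{info['severity']}] {info['method']}: {info['reason']}")
```

Run stand-alone, the script prints two alerts: the signature hit on the constructed port-4444 session and the heuristic hit on the 950000-byte session, while the ordinary 1620-byte session produces nothing. The baseline is computed from a separate history window on purpose: a z-score against a window that contains the outlier itself is bounded by the square root of the sample count and would never cross the threshold on a handful of records. The `suppress_dst` parameter stands in for the refinement step the post describes, where defenders tune alerts from prior experience.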