4.9 Flashcards
Packet Captures
Used to capture and analyze network traffic
What types of logs are there?
Firewall, application, endpoint, OS-specific, IPS and IDS, network
SIEM
security info and event monitoring system
Real-time analysis of security alerts from applications and network hardware
■ Combination of different data sources into one tool
■ Provides a consolidated view of network activity
■ Allows for trend analysis, alert creation, and correlation of data
Log files
Records events and messages in operating systems, software, and network devices
■ Includes network, system, application, security, web, DNS, authentication, dump files, VoIP, and call managers
Syslog, Rsyslog, Syslog-ng
■ Tools for centralizing log data from different systems into a repository
■ Commonly used to feed data into SIEM
Journalctl
Linux command-line utility for querying and displaying logs from the Journal Daemon (systemd's logging service)
NXLog
Multi-platform, open-source log management tool
■ Identifies security risks and analyzes logs from server, OS, and applications
NetFlow
Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and path
sFlow
Sampled flow
Open-source alternative to NetFlow
■ Exports truncated packets and interface counters for network monitoring
IPFIX
(Internet Protocol Flow Information Export)
■ Universal standard for exporting IP flow information
■ Used for mediation, accounting, and billing by defining the data format for exporters and collectors
MD5/SHA256 Checksum
Serves as a unique digital fingerprint for file identification, including potential malware