Chapter 2 - Understanding NSM Tools and Data Flashcards

1
Q

Software that collects, maintains, processes, and presents network security data.

A

Network Security Monitoring software

2
Q

Name the six common NSM data types

A

Session data, Packet Capture, Transaction, Alert, Statistical, and Metadata

3
Q

Describe Session data

A

Summary data associated with network conversations that includes who talked with whom and when. Usually includes at least the IP 5-tuple.

4
Q

Describe Transaction data

A

This lies between session data and packet capture. Most commonly seen as web, DNS, or SMTP server logs.

5
Q

Describe Alert data

A

Alert data is generally produced by IPS systems and is generated when certain conditions match a specific signature.

6
Q

Describe Statistical data

A

Statistical data is summaries over a period of time, usually presented as graphs or overall numbers.

7
Q

Describe Metadata

A

Metadata is data about data. Examples include geolocation data, reputation scores, and IP/network ownership.

8
Q

What is described as bringing together multiple data types and multiple data sources to reveal all event/incident information?

A

Correlation
