Chapter 2 - Understanding NSM Tools and Data Flashcards
Software that collects, maintains, processes, and presents network security data.
Network Security Monitoring software
Name the six common NSM data types
Session data, Packet Capture, Transaction, Alert, Statistical, and Metadata
Describe Session data
Summary data associated with network conversations that includes who talked with whom and when. Usually includes at least the IP 5-tuple.
Describe Transaction data
This lies between session data and packet capture. Most commonly seen as web, DNS, or SMTP server logs.
Describe Alert data
Alert data is generally produced by IPS systems and is generated when certain conditions match a specific signature.
Describe Statistical data
Statistical data is summaries over a period of time, usually presented as graphs or overall numbers.
Describe Metadata
Metadata is data about data. Examples include geolocation data, reputation scores, and IP/network ownership.
What is described as bringing together multiple data types and multiple data sources to reveal all event/incident information?
Correlation