Navigation Control Flashcards
Which of the following is a Web Intelligence Dashboard?
- HTTP Category Analysis
- Endpoint Center
- stream:http Protocol dashboard
- Network Center
HTTP Category Analysis
Web Intelligence dashboards include:
- HTTP Category Analysis
- HTTP User Agent Analysis
- New Domain Analysis
- URL Length Analysis
Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and has decided to integrate Splunk App for Stream with ES. Which dashboards will now be supported so analysts can view and analyze network Stream data?
Protocol Intelligence dashboards.
What is Protocol Intelligence?
A collection of dashboards and searches that report on the information collected from common network protocols. Use these to gain insight into HTTP, DNS, TCP/UDP, TLS/SSL, and common email protocols across a system or network.
A security manager has been working with the executive team on long-range security goals. A primary goal for the team is to improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?
Configuring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.
What does Watchlisting Identities do?
- Adds ids to a watchlist to highlight users in various dashboards and searches.
- Watchlisted ids trigger the Watchlisted Event Observed correlation search, if enabled.
- Watchlisted users display on the User Activity dashboard.
- Watchlist users by setting watchlist to true in the Identities lookup.
- You can also add websites to watchlists.
What is the main purpose of the Dashboard Requirements Matrix document?
Identifies on which data model(s) each dashboard depends.
To observe what network services are in use in a network’s activity overall, which of the dashboards in ES will contain the most relevant data?
Protocol Intelligence
What do the Protocol Intelligence dashboards do?
Use packet capture data from stream capture apps to provide network insights that are relevant to your security investigations.
- Identify suspicious traffic, DNS activity, email activity, and review the connections and protocols in use in your network traffic.
What tools does the Risk Analysis dashboard provide?
A display of the highest risk assets and identities.
Risk Analysis dashboard
- Displays recent changes to risk scores and objects that have the highest risk scores.
- Assess relative changes in risk scores and examine the events that contribute to an object’s risk score.