Understanding NSM Tools and Data Flashcards

1
Q

Session Data

A
  • Summary data of network conversations.
  • Who talked with whom, and when.
  • Examining session data is similar to a detective examining a phone bill.
  • Session data is based on the IP 5-tuple.
2
Q

Full Packet Capture

A
  • Records all network traffic, packet by packet, at specific network locations.
  • Data is written to disk, commonly in PCAP format.
  • Examining full packet captures is similar to a detective reviewing wiretap recordings.
  • Details exactly what was communicated.
  • Also known as full content data.
3
Q

Transaction Data

A
  • Transaction data lies between session data and full packet capture.
  • Captures the details associated with requests and responses.
4
Q

Alert Data

A
  • Typically produced by IPS systems.
  • Alerts are generated when traffic matches conditions the IPS is configured to respond to.
  • Alert data depends heavily on how well the IPS is tuned.
  • Even a well-tuned IPS will generate false positives.
  • Alerts are automated judgment calls made by an engineered tool.
5
Q

Statistical Data

A
  • NSM data collected over time can be processed to produce statistical data.
  • Statistical data collected over time produces baselines. Baselines define what is normal. Baselines should be collected over intervals long enough to include deviations.
6
Q

Metadata

A
  • Metadata is data about data.
  • Can be used to augment the NSM data that the SOC directly collects.
  • Examples: geolocation data, reputation scores, and ownership of IP addresses.