SECOPS 2: NSM Tools and Data Flashcards Preview

Flashcards in SECOPS 2: NSM Tools and Data Deck (11)
1

Session data

Summary data for network connections. Who talked to whom and when. Like a phone bill.

5-tuple with timestamps

2

Full Packet Capture format

PCAP

3

Full content data

Also known as full packet capture

4

Transaction data

Details associated with requests and responses.

Example: Client GET request and server response

5

Alert data

Typically from an IPS. An alert is generated when network traffic matches defined conditions.

6

Statistical data

Statistics derived from NSM data

7

Statistical data over time produces...

baselines

8

Baselines define

what is normal

9

Anomalies

Deviations from normal

10

Metadata

Data about data.

11

Bro produces ... but can produce...

Session data, but can produce almost any data type (transaction, extracted, alert, etc.)