30 Sep
Distinguish between alert data (including generation tools) and previously covered NSM monitoring (including collection tools).
Example of post: ONLY AN EXAMPLE
The difference between alert data and the data collected by NSM is that alert data has been processed further by the alert infrastructure, which appends alert information to it. The input data is largely the same for the two systems. The first family of data consists of raw, unprocessed data: full content data, session data and additional data sources all qualify as raw data sources. The second type of network data is processed data. Processed data consists of analyzed data, and of data that has been evaluated for suspicious behavior and indicators of compromise.
A network interface can collect full content data in promiscuous mode. Promiscuous mode captures every packet seen within the interface's broadcast domain, not only traffic addressed to the interface. This data includes all layer two and layer three address information, the protocol, and the data contents. Session data covers only the highlights of a conversation. These highlights are the same fields as full content data minus the payload of the datagram/packet: who from, who to, when, how, and how much. There are many ways to gather additional data for analysis, but in my experience, some of the best methods compare network data to host data.
Statistical data is generated by analyzing the other collected data to establish what is normal and what is anomalous. Alert data is derived from any of the previous data types when that data triggers an alert. Alerts can be triggered by signature matching or by heuristic analysis. Alert data consists of the triggering data with alert information appended. Alert information describes why the alert was triggered and its expected severity. Ultimately, alert data needs to be reviewed by network defenders to make decisions on network security and response actions. Defenders can also refine alerts based on previous alert experience and new threat intelligence to improve the accuracy of network alerts.
I did not mention tools like Sguil, Zeek or Suricata because defense strategy should be tool agnostic and current tools change.
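To make the data-type distinction concrete, here is an added, tool-agnostic example (not part of the original post) that takes constructed full-content packet records, reduces them to session data (who, to whom, when, how, how much, without payload), and then derives alert data by signature matching and a heuristic threshold. The signature, the DNS byte threshold and the packet records are all hypothetical values chosen for illustration.

```python
import re

# Constructed full-content records: (timestamp, src_ip, dst_ip, proto, dst_port, payload)
PACKETS = [
    (1.0, "10.0.0.5", "10.0.0.9", "tcp", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    (1.2, "10.0.0.9", "10.0.0.5", "tcp", 80, b"HTTP/1.1 200 OK\r\n\r\n<html>"),
    (2.0, "10.0.0.5", "10.0.0.9", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    (5.0, "10.0.0.7", "10.0.0.9", "udp", 53, b"\x00" * 1400),
]

# Hypothetical signature rules: (name, regex over payload, severity)
SIGNATURES = [
    ("http-path-traversal", re.compile(rb"\.\./"), "high"),
]
LARGE_DNS_BYTES = 1000  # hypothetical heuristic threshold for one DNS session


def session_key(pkt):
    """Session data keeps the endpoints, protocol and port, never the payload."""
    _, src, dst, proto, dport, _ = pkt
    a, b = sorted((src, dst))  # both directions belong to the same session
    return (a, b, proto, dport)


def build_sessions(packets):
    """Reduce full-content records to session data: when, how, and how much."""
    sessions = {}
    for pkt in packets:
        s = sessions.setdefault(session_key(pkt),
                                {"first": pkt[0], "last": pkt[0], "pkts": 0, "bytes": 0})
        s["first"] = min(s["first"], pkt[0])
        s["last"] = max(s["last"], pkt[0])
        s["pkts"] += 1
        s["bytes"] += len(pkt[5])
    return sessions


def generate_alerts(packets, sessions):
    """Alert data = the triggering record plus appended alert information."""
    alerts = []
    for pkt in packets:  # signature matching runs over full content
        for name, pattern, severity in SIGNATURES:
            if pattern.search(pkt[5]):
                alerts.append({"trigger": pkt, "rule": name,
                               "reason": "payload matched signature", "severity": severity})
    for key, s in sessions.items():  # heuristic matching runs over session data
        if key[2] == "udp" and key[3] == 53 and s["bytes"] > LARGE_DNS_BYTES:
            alerts.append({"trigger": key, "rule": "large-dns-session",
                           "reason": f"{s['bytes']} bytes in one DNS session", "severity": "medium"})
    return alerts
```

Each alert keeps the raw trigger (a packet or a session tuple) so an analyst can go back to the underlying data when reviewing it.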