Flashcards in Chapter 13 - Describing Security Data Collection Deck (11):
Name 6 Monitoring Data Types
1. Session Data
2. Full Packet Capture
3. Transaction Data
4. Extracted Content
5. Statistical Data
6. Alert Data
Describe Session Data
Contains the "5-tuple" for each session, including timestamps and the amount of data transferred.
Example - NetFlow
Describe Full Packet Capture
A record containing all bits transferred on the wire.
Example - PCAP file / Wireshark
Describe Transaction Data
These are usually produced by daemons or services and occur as a result of network sessions and system activities.
Example - HTTP or SMTP daemon logs
Describe Extracted Content
Objects that are mined from network traffic.
Example - files downloaded from web site or email attachments
Describe Statistical Data
Takes other security monitoring data types and presents them at a higher level. Useful for forming baselines.
Example - Graph that shows web server connections per minute
Describe Alert Data
Generally produced by an IDS or IPS and triggered when traffic characteristics match a specific rule.
Define False Positive
When a security control acts when malicious activity did not take place
Define False Negative
When a security control did not act when malicious activity did take place
Define True Positive
When a security control acted when malicious activity did take place.