Chapter 13 - Describing Security Data Collection Flashcards Preview


Flashcards in Chapter 13 - Describing Security Data Collection Deck (11):
1

Name 6 Monitoring Data Types

1. Session Data
2. Full Packet Capture
3. Transaction Data
4. Extracted Content
5. Statistical Data
6. Alert Data

2

Describe Session Data

Contains "5-tuple" for each session including timestamps and the amount of data transferred.
Example - NetFlow

3

Describe Full Packet Capture

A record containing all bits transferred on the wire.
Example - PCAP file / Wireshark

4

Describe Transaction Data

These are usually produced by daemons or services and occur as a result of network sessions and system activities.
Example - HTTP or SMTP daemon logs

5

Describe Extracted Content

Objects that are mined from network traffic.
Example - files downloaded from a web site or email attachments

6

Describe Statistical Data

Takes other security monitoring data types and presents them at a higher level. Useful for forming baselines.
Example - Graph that shows web server connections per minute

7

Describe Alert Data

Generally produced by an IDS or IPS and triggered when traffic characteristics match a specific rule.

8

Define False Positive

When a security control acts when malicious activity did not take place.

9

Define False Negative

When a security control did not act when malicious activity did take place.

10

Define True Positive

When a security control acted when malicious activity did take place.

11

Define True Negative

When a security control did not act because there was no malicious activity.