Sound the Alarm: Detection and Response: Module 4 Flashcards
(25 cards)
Anomaly-Based Analysis
A way to find strange or unusual behavior
Array
A list of items in order
Common Event Format (CEF)
A way to organize log data using labels and values
Configuration File
A file that sets up how a program works
Endpoint
A device like a computer connected to a network
Endpoint Detection And Response (EDR)
A tool that watches a device for threats
False Positive
A warning about a threat that isn’t real
Host-Based Intrusion Detection System (HIDS)
A tool that watches one device for attacks
Intrusion Detection Systems (IDS)
A tool that checks for signs of attacks
Key-Value Pair
A label and its matching value
Log
A record of what happened on a system
Log Analysis
Looking at logs to find important events
Log Management
Handling logs by collecting and storing them
Logging
Recording what happens on systems and networks
Network-Based Intrusion Detection System (NIDS)
A tool that watches network traffic for attacks
Object
A list of key-value pairs grouped together
Search Processing Language (SPL)
Splunk’s special search language
Security Information And Event Management (SIEM)
A tool that collects and checks log data for problems
Signature
A pattern used to spot bad behavior
Signature Analysis
Finding threats by looking for known patterns
Suricata
A tool that watches for attacks and analyzes network traffic
Telemetry
Data sent to be checked and analyzed
Wildcard
A symbol that can mean any character
YARA-L
A language for writing rules to search logs
