Describe these types of data used in security monitoring: Full packet capture, session data, transaction data, statistical data, extracted content, alert data
Understanding Cisco Cybersecurity Fundamentals (210-250)
Full Packet Capture
Full packet capture data can be very useful in analyzing what occurred on a network, because it records everything, including payloads. Unfortunately, capturing everything is very expensive in terms of the appliances needed, the TAPs/SPANs to feed them, and the storage required to have any meaningful retention period.
Log Data Types
- Session Data: data about who talked to whom and when, but not necessarily what was said. Examples would be NetFlow data or AAA logs.
- Transaction Data: data that shows what has happened on a host; web server logs would be an example.
- Statistical Data: higher-level analysis of other data, such as graphs and trending analysis.
- Extracted Content: metadata extracted from flows and other data, such as hostnames, file names or user agents.
- Alert Data: data from SIEMs and other alerting tools such as IPS/IDS, produced when the other data types match a rule or threshold.
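The relationship between these data types is easiest to see when they are derived from one another. The following worked example is added here and is not part of the original study notes or of any Cisco material: it takes a small constructed set of packet records standing in for full packet capture, and from it builds session data (bidirectional flow summaries), transaction data (web-log style HTTP request records), extracted content (hosts and user agents pulled from those requests), statistical data (bytes sent per source host) and finally alert data (hosts exceeding a volume threshold). All addresses, payloads and the threshold value are constructed for illustration.

```python
# Added worked example (not from the original notes): a miniature monitoring
# pipeline deriving session, transaction, extracted-content, statistical and
# alert data from constructed packet records that stand in for a full capture.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int
    payload: bytes


def http_req(host, path, ua):
    # Helper that builds a constructed HTTP request payload.
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {ua}\r\n\r\n".encode()


# Constructed "full packet capture": every packet, payload included.
PCAP = [
    Packet(1.0, "10.0.0.5", 51000, "93.184.216.34", 80, "TCP", 180,
           http_req("example.com", "/index.html", "curl/8.0")),
    Packet(1.1, "93.184.216.34", 80, "10.0.0.5", 51000, "TCP", 1400,
           b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...</html>"),
    Packet(2.0, "10.0.0.5", 51001, "93.184.216.34", 80, "TCP", 190,
           http_req("example.com", "/login", "curl/8.0")),
    Packet(2.1, "93.184.216.34", 80, "10.0.0.5", 51001, "TCP", 300,
           b"HTTP/1.1 302 Found\r\nLocation: /\r\n\r\n"),
] + [
    # One host pushing a lot of data to port 22: only size and timing are visible.
    Packet(3.0 + i, "10.0.0.7", 52000, "10.0.0.9", 22, "TCP", 1400, b"\x00" * 1400)
    for i in range(5)
]


def flow_key(p):
    # Direction-independent 5-tuple so request and reply land in the same session.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def session_data(packets):
    """Session data: who talked to whom, when and how much; payloads are dropped."""
    sessions = {}
    for p in packets:
        s = sessions.setdefault(flow_key(p),
                                {"first": p.ts, "last": p.ts, "packets": 0, "bytes": 0})
        s["first"] = min(s["first"], p.ts)
        s["last"] = max(s["last"], p.ts)
        s["packets"] += 1
        s["bytes"] += p.size
    return sessions


def transaction_data(packets):
    """Transaction data: what happened at the application layer (web-log style)."""
    records = []
    for p in packets:
        if not p.payload.startswith((b"GET ", b"POST ", b"HEAD ")):
            continue
        request_line, _, rest = p.payload.partition(b"\r\n")
        method, path, _ = request_line.decode().split(" ", 2)
        headers = {}
        for line in rest.split(b"\r\n"):
            if b":" in line:
                k, v = line.decode().split(":", 1)
                headers[k.strip().lower()] = v.strip()
        records.append({"ts": p.ts, "client": p.src, "method": method, "path": path,
                        "host": headers.get("host", ""),
                        "user_agent": headers.get("user-agent", "")})
    return records


def extracted_content(transactions):
    """Extracted content: metadata pulled out of the flows (hosts, user agents)."""
    return {"hosts": sorted({t["host"] for t in transactions}),
            "user_agents": sorted({t["user_agent"] for t in transactions})}


def statistical_data(packets):
    """Statistical data: an aggregate view, here bytes sent per source host."""
    by_src = defaultdict(int)
    for p in packets:
        by_src[p.src] += p.size
    return dict(by_src)


def alert_data(stats, threshold_bytes):
    """Alert data: what a SIEM/IDS would raise; here a simple volume threshold."""
    return [{"rule": "high-outbound-volume", "host": h, "bytes": b}
            for h, b in sorted(stats.items()) if b > threshold_bytes]


if __name__ == "__main__":
    sess = session_data(PCAP)
    tx = transaction_data(PCAP)
    print(len(sess), "sessions;", len(tx), "HTTP transactions")
    print(extracted_content(tx))
    print(alert_data(statistical_data(PCAP), threshold_bytes=5000))
```

Note what each step loses: once the payloads are gone, the SSH-bound transfer from 10.0.0.7 exists only as session and statistical data, so the alert can say "this host sent a lot" but not what it sent. That is exactly the trade-off the notes describe when weighing full packet capture against cheaper data types.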