CCNA CyberOps SECFND Objective 5.2

Describe these types of data used in security monitoring: Full packet capture, session data, transaction data, statistical data, extracted content, alert data

Understanding Cisco Cybersecurity Fundamentals (210-250)

Full Packet Capture

Full packet capture data can be very useful in analyzing what occurred on a network. Unfortunately, capturing everything is very expensive in terms of the appliances needed, the TAPs/SPANs that feed them, and the storage required for any meaningful retention period.

Log Data Types

  • Session Data: data about who did something, but not necessarily what. Examples would be NetFlow data or AAA logs.
  • Transaction Data: data that shows what has happened on a host; web logs would be an example.
  • Statistical Data: higher-level analysis of data, such as graphs and trending analysis.
  • Extracted Content: metadata extracted from flows and other data.
  • Alert Data: data from SIEMs and other alerting tools such as IPS/IDS.
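To make the distinction between these data types concrete, here is an added example (not part of the original notes and not any Cisco tooling). It uses constructed sample records: NetFlow-style session records that say who talked to whom and how much, and web-server access log lines (transaction data) that say what was requested. From those it derives statistical data (bytes per source host), correlates the "who" with the "what", and produces alert data when a volume threshold is exceeded. The record layouts, IP addresses, threshold and the 5-second correlation window are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed session data in a NetFlow-like layout (assumed field order:
# start_epoch,src,sport,dst,dport,proto,bytes). Session data says WHO talked
# to whom, when, and how much, but not WHAT was exchanged.
SESSION_DATA = [
    "1700000000,10.0.0.5,51000,203.0.113.10,80,tcp,1200",
    "1700000030,10.0.0.5,51001,203.0.113.10,80,tcp,900",
    "1700000060,10.0.0.7,40000,198.51.100.20,443,tcp,45000000",
    "1700000065,10.0.0.7,40001,198.51.100.20,443,tcp,52000000",
    "1700000090,10.0.0.9,53000,203.0.113.10,80,tcp,300",
]

# Constructed transaction data: web-server access log lines (Common Log Format).
# Transaction data says WHAT happened on the host: method, path and status.
WEB_LOG = [
    '10.0.0.5 - - [14/Nov/2023:22:13:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.5 - - [14/Nov/2023:22:13:50 +0000] "POST /login HTTP/1.1" 302 512',
    '10.0.0.9 - - [14/Nov/2023:22:14:50 +0000] "GET /robots.txt HTTP/1.1" 404 128',
]

CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_sessions(lines):
    """Turn the flow records into dicts with typed fields."""
    sessions = []
    for line in lines:
        start, src, sport, dst, dport, proto, nbytes = line.split(",")
        sessions.append({
            "start": int(start), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto, "bytes": int(nbytes),
        })
    return sessions


def parse_web_log(lines):
    """Parse CLF lines; the timestamp becomes epoch seconds for correlation."""
    transactions = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole batch
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        transactions.append({
            "client": m.group("client"), "time": int(ts.timestamp()),
            "method": m.group("method"), "path": m.group("path"),
            "status": int(m.group("status")), "size": int(m.group("size")),
        })
    return transactions


def bytes_per_source(sessions):
    """Statistical data: total bytes per source host, derived from session data."""
    totals = defaultdict(int)
    for s in sessions:
        totals[s["src"]] += s["bytes"]
    return dict(totals)


def correlate(sessions, transactions, window=5):
    """Attach the WHAT (transaction) to the WHO (session): same client IP, a web
    port, and request time within `window` seconds of the flow start."""
    pairs = []
    for t in transactions:
        for s in sessions:
            if (s["src"] == t["client"] and s["dport"] in (80, 443)
                    and abs(s["start"] - t["time"]) <= window):
                pairs.append((s, t))
                break
    return pairs


def build_alerts(stats, threshold):
    """Alert data: one record per source whose byte total exceeds the threshold,
    the kind of record an IDS or SIEM rule would emit."""
    return [
        {"source": src, "bytes": total,
         "reason": f"volume {total} exceeds threshold {threshold}"}
        for src, total in sorted(stats.items()) if total > threshold
    ]


if __name__ == "__main__":
    sessions = parse_sessions(SESSION_DATA)
    transactions = parse_web_log(WEB_LOG)
    for s, t in correlate(sessions, transactions):
        print(f"{s['src']}:{s['sport']} -> {s['dst']}:{s['dport']} "
              f"was {t['method']} {t['path']} ({t['status']})")
    for alert in build_alerts(bytes_per_source(sessions), 50_000_000):
        print("ALERT", alert)
```

Note what each layer can and cannot answer: the session records alone show that 10.0.0.7 moved about 97 MB to 198.51.100.20 over TLS but not what was in it; the web log gives the request paths for the two HTTP clients but knows nothing about the TLS host. Only a full packet capture could supply the extracted content (for example, files carved from the HTTP sessions), which is why the previous section describes it as the most expensive data type to keep.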