Chris Sanders, Jason Smith, in Applied Network Security Monitoring, 2014

NSM Data Types

Later chapters of this book will be devoted entirely to different NSM data types, but in order to provide the appropriate context for discussing sensor architecture, it becomes pertinent to provide a brief overview of the primary NSM data types that are collected for detection and analysis.

Full Packet Capture (FPC) Data

FPC data provides a full accounting for every data packet transmitted between two endpoints. The most common form of FPC data is in the PCAP data format. While FPC data can be quite overwhelming due to its completeness, its high degree of granularity makes it very valuable for providing analytic context. Other data types, such as statistical data or packet string data, are often derived from FPC data.

Session data is the summary of the communication between two network devices. Also known as a conversation or a flow, this summary data is one of the most flexible and useful forms of NSM data. While session data doesn’t provide the level of detail found in FPC data, its small size allows it to be retained for a much longer time, which is incredibly valuable when performing retrospective analysis.
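To make the relationship between FPC data and session data concrete, the following added example (not from the book) collapses per-packet records into one bidirectional session record per conversation. The packet records, field names and the `summarize_sessions` function are constructed for illustration, and flow timeouts and TCP flags are not modelled.

```python
from collections import namedtuple

# Constructed sample: one record per captured packet, as FPC data would hold
# (timestamp, source IP, source port, destination IP, destination port, protocol, bytes).
Packet = namedtuple("Packet", "ts src sport dst dport proto length")

SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", 49152, "192.0.2.10", 443, "tcp", 74),
    Packet(0.02, "192.0.2.10", 443, "10.0.0.5", 49152, "tcp", 74),
    Packet(0.03, "10.0.0.5", 49152, "192.0.2.10", 443, "tcp", 583),
    Packet(0.09, "192.0.2.10", 443, "10.0.0.5", 49152, "tcp", 1514),
    Packet(0.10, "10.0.0.5", 53211, "198.51.100.53", 53, "udp", 82),
    Packet(0.12, "198.51.100.53", 53, "10.0.0.5", 53211, "udp", 146),
    Packet(4.50, "10.0.0.5", 49152, "192.0.2.10", 443, "tcp", 66),
]


def summarize_sessions(packets):
    """Collapse per-packet records into one bidirectional record per conversation."""
    sessions = {}
    for p in sorted(packets, key=lambda p: p.ts):
        a, b = (p.src, p.sport), (p.dst, p.dport)
        # Both directions of a conversation share one key: sorted endpoints + protocol.
        key = (p.proto,) + tuple(sorted((a, b)))
        s = sessions.get(key)
        if s is None:
            # The first packet seen decides which endpoint is recorded as the initiator.
            s = sessions[key] = {
                "proto": p.proto, "src": a, "dst": b, "start": p.ts, "end": p.ts,
                "pkts_out": 0, "bytes_out": 0, "pkts_in": 0, "bytes_in": 0,
            }
        direction = "out" if a == s["src"] else "in"
        s["pkts_" + direction] += 1
        s["bytes_" + direction] += p.length
        s["end"] = p.ts
    return list(sessions.values())


if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_PACKETS):
        print(s)
```

Seven packet records reduce to two session records that still answer who talked to whom, when, for how long and how much, while the payload detail stays in the FPC data.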