retailbad.blogg.se

Packet capture tools






Chris Sanders, Jason Smith, in Applied Network Security Monitoring, 2014

NSM Data Types

Later chapters of this book will be devoted entirely to different NSM data types, but in order to provide the appropriate context for discussing sensor architecture, it becomes pertinent to provide a brief overview of the primary NSM data types that are collected for detection and analysis.

Full Packet Capture (FPC) Data

FPC data provides a full accounting for every data packet transmitted between two endpoints. The most common form of FPC data is in the PCAP data format. While FPC data can be quite overwhelming due to its completeness, its high degree of granularity makes it very valuable for providing analytic context. Other data types, such as statistical data or packet string data, are often derived from FPC data.

Session data is the summary of the communication between two network devices. Also known as a conversation or a flow, this summary data is one of the most flexible and useful forms of NSM data. While session data doesn’t provide the level of detail found in FPC data, its small size allows it to be retained for a much longer time, which is incredibly valuable when performing retrospective analysis.

Statistical data is the organization, analysis, interpretation, and presentation of other types of data. This can take a lot of different forms, such as statistics supporting the examination of outliers from a standard deviation, or data points identifying positive or negative relationships between two entities over time.

PSTR is derived from FPC data, and exists as an intermediate data form between FPC data and session data. This data format consists of clear text strings from specified protocol headers (for instance, HTTP header data). The result is a data type that provides granularity closer to that of FPC data, while maintaining a size that is much more manageable and allows increased data retention.

Log data refers to raw log files generated from devices, systems, or applications.
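The derivations described above (session data and PSTR computed from FPC data), as an added example that is not from the book or this page: it parses a constructed two-packet PCAP, rolls both directions into one session record, and keeps only the HTTP header lines as PSTR. The function names, sample addresses, and per-packet header extraction (no TCP reassembly) are assumptions made for this example.

```python
import struct
from collections import defaultdict

def build_sample_pcap():
    """Constructed sample: a two-packet HTTP exchange in classic PCAP format."""
    def pkt(src, dst, sport, dport, payload):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                         0, 0, 64, 6, 0, bytes(src), bytes(dst))
        eth = b"\x00" * 12 + b"\x08\x00"          # zeroed MACs, EtherType IPv4
        return eth + ip + tcp + payload
    frames = [
        pkt((10, 0, 0, 5), (192, 0, 2, 10), 49152, 80,
            b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: sample\r\n\r\n"),
        pkt((192, 0, 2, 10), (10, 0, 0, 5), 80, 49152,
            b"HTTP/1.1 200 OK\r\nServer: sample\r\n\r\n<html>\x00\x01</html>"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield IPv4/TCP packets; assumes little-endian classic PCAP over Ethernet."""
    off = 24                                      # skip the 24-byte global header
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                              # not IPv4/TCP, or truncated
        tcp_off = 14 + (frame[14] & 0x0F) * 4     # Ethernet + IP header length
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = tcp_off + (frame[tcp_off + 12] >> 4) * 4
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        yield ts, src, sport, dst, dport, frame[data_off:]

def derive(data):
    """Return (session records, PSTR entries) derived from the FPC bytes."""
    sessions, pstr = defaultdict(lambda: {"packets": 0, "bytes": 0}), []
    for ts, src, sport, dst, dport, payload in parse_pcap(data):
        key = tuple(sorted([(src, sport), (dst, dport)]))   # both directions, one flow
        sessions[key]["packets"] += 1
        sessions[key]["bytes"] += len(payload)
        headers = payload.split(b"\r\n\r\n", 1)[0]          # header block only, body dropped
        if headers.startswith((b"GET ", b"POST ", b"HTTP/")):
            pstr.append((ts, src, dst, headers.decode("ascii", "replace").split("\r\n")))
    return dict(sessions), pstr
```

The session record keeps only counters per endpoint pair, and the PSTR entries keep the header text but not the response body, which is the size-versus-detail trade-off the passage describes.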






