Chapter 10

Network Infrastructure Device Telemetry and Analysis

This chapter covers the following topics:

Network Infrastructure Logs

Traditional Firewall Logs

Syslog in Large-Scale Environments

Next-Generation Firewall and Next-Generation IPS Logs

NetFlow Analysis

Network Packet Capture

Network Profiling

This chapter covers different network and host security telemetry solutions. Network telemetry and logs from network infrastructure devices such as firewalls, routers, and switches can prove useful when you are proactively detecting or responding to a security incident. Logs from user endpoints can help not only with attribution, when those endpoints take part in malicious activity, but also with victim identification.

“Do I Know This Already?” Quiz

Get Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide now with the O’Reilly learning platform.
