SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285 by John Gay, Alex Tatistcheff, Todd Lammle

Chapter 11 Correlation Policy

THE SSFIPS EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • ✓ 11.1 Describe the components of a correlation policy
  • ✓ 11.2 Understand the process for creating a white list
  • ✓ 11.3 Describe the purpose and creation of traffic profiles
  • ✓ 11.4 Be familiar with the types of responses available when dealing with correlation policies

Correlation policy is an often overlooked but useful feature of the FireSIGHT System. The features available in this area concentrate on detection of unusual activity rather than specific intrusion or malware events. By using correlation rules, white lists, and traffic profiles, we can detect network or host behaviors that may be an indication of malicious activity. In this chapter, ...
