Chapter 11 Correlation Policy
THE SSFIPS EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
- ✓ 11.1 Describe the components of a correlation policy
- ✓ 11.2 Understand the process for creating a white list
- ✓ 11.3 Describe the purpose and creation of traffic profiles
- ✓ 11.4 Be familiar with the types of responses available when dealing with correlation policies
Correlation policy is an often overlooked but useful feature of the FireSIGHT System. The features available in this area concentrate on detection of unusual activity rather than specific intrusion or malware events. By using correlation rules, white lists, and traffic profiles, we can detect network or host behaviors that may be an indication of malicious activity. In this chapter, ...
Get SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.