The Tao of Network Security Monitoring Beyond Intrusion Detection by Richard Bejtlich

9. Alert Data: Bro and Prelude

All of the NSM tools presented thus far in this book require analysts to decide what traffic is normal, suspicious, or malicious. Looking at full content data, an analyst might notice an odd packet header or application request. Session data might reveal an unusual outbound request to a foreign Web site. Statistical data could show an unexpected amount of ICMP traffic over a designated period. These tools leave the decision-making authority in the hands of the analyst.

Tools that generate alert data are different. They are preprogrammed to make judgments based on the traffic they inspect. IDSs are a specialized example of this class of application. Network-based IDSs inspect traffic for signs of intrusions and report ...