Network Data Analysis

  • Network data, such as firewall, web proxy, or NetFlow logs, contains detailed records of the activity between users and hosts, since the network is the medium for all device communication.

  • For example, web proxy data contains a record of every web request between an internal host and an external web server. Analyzing web proxy traffic events can help determine whether malicious activity is occurring in the network, for example whether Command and Control (C2) communication is taking place.

Analysts can search this data to answer questions such as:

  • Which internal and external entities are involved in the malicious activity?

  • What other activity occurred during the time window of the Command and Control connections, either in the web proxy logs themselves or in other data sources such as firewall or NetFlow logs?
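The following is an added worked example, not code from the original page or from Splunk. It shows one way to answer both questions above from raw web proxy records: find C2-style beaconing (a host contacting the same external server at near-constant intervals), list the internal and external entities involved, and then pull every other request the same host made inside the beacon's time window. The log lines are constructed for this example, and the five-field "timestamp source_ip destination_host bytes action" layout is an assumption; real proxy formats (Squid, Zscaler, Blue Coat) differ and the parser would need adjusting.

```python
"""Beacon detection over web proxy logs (added example; constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample lines (assumed layout): timestamp src_ip dest_host bytes action.
# 10.0.0.5 hits update.example-cdn.net every 300 s, 10.0.0.9 hits
# telemetry.example-service.net roughly every minute with jitter, and
# 10.0.0.7 browses www.example.com at irregular human intervals.
SAMPLE_PROXY_LOG = """\
2024-03-01T10:00:00 10.0.0.5 update.example-cdn.net 512 TCP_MISS
2024-03-01T10:00:00 10.0.0.9 telemetry.example-service.net 640 TCP_MISS
2024-03-01T10:00:05 10.0.0.7 www.example.com 20480 TCP_MISS
2024-03-01T10:01:03 10.0.0.9 telemetry.example-service.net 655 TCP_MISS
2024-03-01T10:01:57 10.0.0.9 telemetry.example-service.net 648 TCP_MISS
2024-03-01T10:03:05 10.0.0.9 telemetry.example-service.net 652 TCP_MISS
2024-03-01T10:05:00 10.0.0.5 update.example-cdn.net 514 TCP_MISS
2024-03-01T10:07:30 10.0.0.5 mail.example.org 3100 TCP_MISS
2024-03-01T10:10:00 10.0.0.5 update.example-cdn.net 511 TCP_MISS
2024-03-01T10:12:00 10.0.0.7 www.example.com 8000 TCP_HIT
2024-03-01T10:12:40 10.0.0.7 www.example.com 1200 TCP_HIT
2024-03-01T10:15:00 10.0.0.5 update.example-cdn.net 513 TCP_MISS
2024-03-01T10:20:00 10.0.0.5 update.example-cdn.net 512 TCP_MISS
2024-03-01T10:21:00 10.0.0.5 files.example.org 450000 TCP_MISS
2024-03-01T10:30:00 10.0.0.7 www.example.com 9100 TCP_MISS
"""


def parse_proxy_log(text):
    """Parse the assumed five-field layout into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size, action = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "bytes": int(size), "action": action})
    return records


def find_beacons(records, min_hits=4, max_jitter=0.2):
    """Flag (src, dst) pairs whose inter-request gaps are nearly constant.

    Jitter is the coefficient of variation (population stdev / mean) of the
    gaps; 0.0 means perfectly periodic. Human browsing produces large jitter,
    so it is not flagged even when the hit count is high.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r["ts"])
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons[pair] = {"hits": len(stamps), "interval": avg,
                             "jitter": jitter, "first": stamps[0],
                             "last": stamps[-1]}
    return beacons


def involved_entities(beacons):
    """Question 1: which internal hosts and external servers take part."""
    internal = sorted({src for src, _ in beacons})
    external = sorted({dst for _, dst in beacons})
    return internal, external


def activity_in_window(records, pair, beacon):
    """Question 2: everything else the beaconing host did around the beacon.

    The window is padded by one beacon interval on each side so that a
    request just after the last observed check-in is still captured.
    """
    src, dst = pair
    pad = timedelta(seconds=beacon["interval"])
    start, end = beacon["first"] - pad, beacon["last"] + pad
    hits = [r for r in records
            if r["src"] == src and r["dst"] != dst and start <= r["ts"] <= end]
    return sorted(hits, key=lambda r: r["ts"])


if __name__ == "__main__":
    recs = parse_proxy_log(SAMPLE_PROXY_LOG)
    found = find_beacons(recs)
    for pair, info in found.items():
        print(f"beacon {pair[0]} -> {pair[1]}: {info['hits']} hits, "
              f"interval {info['interval']:.0f}s, jitter {info['jitter']:.2f}")
        for r in activity_in_window(recs, pair, info):
            print(f"   other activity {r['ts']} {r['dst']} {r['bytes']} bytes")
    print("internal/external entities:", involved_entities(found))
```

The thresholds (four hits, 20% jitter) are starting points, not tuned values: legitimate software updaters also beacon, so the output is a candidate list to triage, and the window activity (here a large upload to files.example.org right after the last check-in) is what gives an analyst something to investigate next.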

Reference

Splunk Site
