Advanced Security Analytics Module (ASAM) Event List
A chain is only as strong as its weakest link. What matters is not how many security holes you have plugged, but the one significant crack through which the whole network gets breached. How many events you need to monitor depends on how effective your NBA (network behavior analysis) system is and on the intensity of the threats your network faces. Monitoring every event can become tedious, all the more so once false positives are included. But with stakes this high, every single alert raised needs to be looked at. There are ways to reduce the false positives and to make the reports easy to understand; beyond that, classifying and organizing the events and problems makes the job easier for you.
The 'Event List' in ASAM lists, classifies and organizes all events that may turn into attacks. ASAM also assigns each event a severity, which lets you prioritize your actions. The event list shows the following details for each event:
- ID - A unique ID assigned to every event; use it to identify the event
- Problem - The name and class of the event
- Offender - The suspected source host (offender) of the event
- Routed Via - The routers through which the flows of this event were routed
- Target - The target host of the event
- Time - The time at which the flows for this event arrived
- Hits - The number of flows belonging to this problem
- Severity - The severity ASAM has assigned to the event
- Status - Depending on whether the problem has been worked on, you can change the status between open, closed and ignored
- Detail View - Lets you drill down into the problem
ASAM Event Filter Options
ASAM also provides a user-friendly advanced filter that helps you fine-tune your report. The filter narrows down the security snapshot report to the criteria you supply. The available criteria are class / problem, target entity or host, offender entity or host, router / interface name, severity and status.
No one knows your network better than you. You might be running an in-house application on a server whose traffic an NBA system would regard as a suspicious flow. For cases like that, ASAM gives you several ways to disable, ignore or discard such false positives:
- Manage Problems
- Discard Flows
- Ignore Events
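The filter criteria and the false-positive handling described above amount to a small triage workflow: narrow the list, order it by severity, and suppress events you know to be benign without overwriting decisions already taken. The following is an added example that models that workflow in plain Python; it is not ASAM's or NetFlow Analyzer's own code and uses no product API. The event rows, the router and host names, the severity labels (Critical/High/Medium/Low) and the ignore-rule shape are all constructed for illustration; the page only says that ASAM assigns a severity, not which labels it uses.

```python
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Severity labels are an assumption for this example; the page does not name them.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class Event:
    """One row of the event list, with the columns the page describes."""
    id: int
    problem_class: str
    problem: str
    offender: str
    routed_via: Tuple[str, ...]   # router/interface names the flows crossed
    target: str
    time: datetime
    hits: int
    severity: str
    status: str = "open"          # open | closed | ignored


# Constructed sample rows (not real ASAM output); 10.1.2.50 is the in-house app server.
EVENTS: List[Event] = [
    Event(101, "Scans/Probes", "TCP SYN Scan", "10.1.5.23", ("core-rtr-1/Gi0/1",),
          "10.1.9.4", datetime(2024, 3, 1, 9, 15), 420, "High"),
    Event(102, "DDoS", "UDP Flood", "203.0.113.77", ("edge-rtr-1/Gi0/0", "core-rtr-1/Gi0/1"),
          "10.1.9.10", datetime(2024, 3, 1, 9, 20), 9800, "Critical"),
    Event(103, "Suspicious Flows", "Unknown Port Traffic", "10.1.2.50", ("core-rtr-1/Gi0/2",),
          "10.1.3.8", datetime(2024, 3, 1, 9, 22), 60, "Medium"),
    Event(104, "Scans/Probes", "Ping Sweep", "198.51.100.9", ("edge-rtr-1/Gi0/0",),
          "10.1.0.0/24", datetime(2024, 3, 1, 9, 30), 256, "Low"),
    Event(105, "Suspicious Flows", "Unknown Port Traffic", "10.1.2.50", ("core-rtr-1/Gi0/2",),
          "10.1.3.9", datetime(2024, 2, 28, 17, 5), 55, "Medium", status="closed"),
]


def filter_events(events: Iterable[Event], *, problem_class: Optional[str] = None,
                  target: Optional[str] = None, offender: Optional[str] = None,
                  router: Optional[str] = None, min_severity: Optional[str] = None,
                  status: Optional[str] = None) -> List[Event]:
    """Narrow the list by the same criteria the ASAM filter exposes.

    Every criterion is optional and the given ones are ANDed. `router` matches
    if the flows crossed that router/interface anywhere on their path.
    """
    min_rank = SEVERITY_RANK[min_severity] if min_severity else 0
    out = []
    for e in events:
        if problem_class and e.problem_class != problem_class:
            continue
        if target and e.target != target:
            continue
        if offender and e.offender != offender:
            continue
        if router and router not in e.routed_via:
            continue
        if SEVERITY_RANK[e.severity] < min_rank:
            continue
        if status and e.status != status:
            continue
        out.append(e)
    return out


def prioritise(events: Iterable[Event]) -> List[Event]:
    """Triage order: highest severity first, then most hits, then newest."""
    return sorted(events, key=lambda e: (SEVERITY_RANK[e.severity], e.hits, e.time),
                  reverse=True)


@dataclass(frozen=True)
class IgnoreRule:
    """A whitelist entry for traffic you know is benign (e.g. an in-house app).

    A field left as None is a wildcard; every non-None field must match.
    """
    offender: Optional[str] = None
    target: Optional[str] = None
    problem_class: Optional[str] = None
    reason: str = ""   # record why, so the suppression can be audited later

    def matches(self, e: Event) -> bool:
        return all(want is None or want == got for want, got in (
            (self.offender, e.offender), (self.target, e.target),
            (self.problem_class, e.problem_class)))


def apply_ignore_rules(events: Iterable[Event], rules: Iterable[IgnoreRule]) -> List[Event]:
    """Mark still-open events that match a rule as 'ignored'.

    Closed events are left untouched so an analyst's decision is never overwritten.
    """
    rules = list(rules)
    return [replace(e, status="ignored") if e.status == "open" and any(r.matches(e) for r in rules)
            else e for e in events]


def open_queue(events: Iterable[Event], rules: Iterable[IgnoreRule]) -> List[int]:
    """IDs of what is left to work, in triage order, after suppression."""
    remaining = filter_events(apply_ignore_rules(events, rules), status="open")
    return [e.id for e in prioritise(remaining)]


if __name__ == "__main__":
    rule = IgnoreRule(offender="10.1.2.50", problem_class="Suspicious Flows",
                      reason="in-house application on a custom port")
    print(open_queue(EVENTS, [rule]))   # [102, 101, 104]
```

The ignore rule is deliberately narrow (offender plus problem class rather than offender alone): suppressing every event from the application server would also hide it if that host were later compromised and started scanning. Recording a reason with each rule keeps the whitelist reviewable.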
ASAM Summary:
ASAM is offered as a simple add-on module of NetFlow Analyzer and leverages the underlying platform's agentless, centralized data collection and forensic analysis capabilities to offer greater value. NetFlow Analyzer is a robust, scalable and proven platform for bandwidth monitoring and unified traffic analytics.
Related Read:
Try NetFlow Analyzer with ASAM | Online Demo