18 Cards in this Set (front: question, back: answer)

What are the three main types of content in the NetWitness Live framework?
- Feeds
- Application and Network Rules
- Parsers

What are lists of meta (such as filenames, IPs, and domains) used to classify content in NetWitness?
- Feeds

What are basic combinations of meta used to filter, truncate, or create new meta?
- Application or Network Rules

What are used for deep inspection of traffic or custom token identification?
- Parsers

What is the basic data flow from the decoder to the concentrator?
- Data arrives at the Decoder
- Evaluated by Network Rules (packet level)
- Packets assembled into Sessions
- Evaluated by Flex and App Parsers
- Evaluated by Feed Parsers
- Evaluated by Application Rules (session level)
- Data sent to the Concentrator

What are the 4 types of Feeds in NetWitness Live?
- Threat Feeds
- Third-Party Feeds
- Self-Generating Feeds
- Custom Feeds

What type of feed uses an Informer rule action result set to create an updated feed file?
- Self-Generating Feeds

What type of feed would compare a list of known malware domains against host name meta elements?
- Threat Feed

What is an open source feed that tracks botnets and command and control exploits?
- www.malwaredomainlist.com

What is a feed that provides a researcher-based blacklist of malware and exploits?
- zeustracker.abuse.ch

What is a feed that provides independent cybercrime research focused on financial fraud?
- www.mynetwatchman.com

What types of rules does NetWitness allow users to define?
- Informer Rules
- Decoder Application Rules
- Decoder Network Rules

What rules are used to define the data collected by NetWitness at the session level?
- Application Rules

What rules are applied at the packet level?
- Network Rules

What is an open programming language for customizing logic in NetWitness?
- Flex Parser

What are the two types of Flex Parsers?
- Service identification based on port
- Service identification based on a found token

What Flex Parser type identifies a session's application type by source or destination port?
- A Flex Parser that does service identification based on port

What Flex Parser identifies the service type using a definable token?
- A Flex Parser that does service identification based on a found token
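
The decoder data flow card, the feed and rule cards, and the two Flex parser type cards above describe one pipeline; the following is an added Python model of that pipeline, not NetWitness code and not the Flex parser XML format. The stage order follows the data flow card. Everything concrete is an assumption constructed for the example: the packets, the NTP-dropping network rule, the threat feed entries, the three application rules, and the meta key names (service, alias.host, threat.desc, alert), which are modelled on NetWitness naming but are not taken from the cards.

```python
# Toy model of the decoder data flow from the cards: network rules (packet
# level) -> session assembly -> port/token parsers -> feed parser ->
# application rules (session level) -> sessions handed to the concentrator.
# All packets, ports, feed entries, rules and meta key names are constructed.
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field

Packet = namedtuple("Packet", "src dst sport dport payload")

@dataclass
class Session:
    key: tuple                 # (src, dst, sport, dport)
    payload: bytes = b""
    meta: dict = field(default_factory=lambda: defaultdict(list))

    def add_meta(self, key, value):
        if value not in self.meta[key]:
            self.meta[key].append(value)

# 1. Network rules see one packet at a time, before any session exists, so they
#    can only use layer 3/4 fields. Constructed rule: drop NTP (port 123) outright.
def network_rules(packets):
    return [p for p in packets if p.dport != 123]

# 2. Packets are grouped by 4-tuple and payloads reassembled in arrival order.
def assemble_sessions(packets):
    sessions = {}
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport)
        sessions.setdefault(key, Session(key)).payload += p.payload
    for s in sessions.values():
        for name, value in zip(("ip.src", "ip.dst", "ip.srcport", "ip.dstport"), s.key):
            s.add_meta(name, value)
    return list(sessions.values())

# 3a. Flex-style parser: service identification by port (assumed port table).
PORT_SERVICES = {22: "SSH", 80: "HTTP"}

def port_service_parser(s):
    if s.key[3] in PORT_SERVICES:
        s.add_meta("service", PORT_SERVICES[s.key[3]])

# 3b. Flex-style parser: service identification by a found token. This is what
#     catches SSH on a non-standard port, which the port parser cannot.
TOKENS = [(b"SSH-", "SSH"), (b"GET ", "HTTP"), (b"POST ", "HTTP")]

def token_service_parser(s):
    for token, service in TOKENS:
        if s.payload.startswith(token):
            s.add_meta("service", service)
    if "HTTP" in s.meta["service"]:            # also register the Host header as alias.host
        for line in s.payload.split(b"\r\n"):
            if line.lower().startswith(b"host:"):
                s.add_meta("alias.host", line.split(b":", 1)[1].strip().decode())

# 4. Feed parser: a threat feed is a list of meta values (here domains) compared
#    against alias.host; a hit creates new meta rather than dropping anything.
THREAT_FEED = {"evil.example": "malware-c2"}   # constructed feed content

def feed_parser(s):
    for host in s.meta.get("alias.host", []):
        if host.lower() in THREAT_FEED:
            s.add_meta("threat.desc", THREAT_FEED[host.lower()])

# 5. Application rules run per session after parsers and feeds, so they can
#    combine meta to filter (return False), truncate, or create new meta.
def application_rules(s):
    if not s.meta.get("service"):              # filter: nothing identified, drop it
        return False
    if s.meta.get("threat.desc"):              # create meta: feed hit -> alert, keep payload
        s.add_meta("alert", "c2-beacon")
        return True
    if "HTTP" in s.meta["service"]:            # truncate: benign HTTP keeps meta only
        s.payload = b""
    return True

def decoder_pipeline(packets):
    kept = []
    for s in assemble_sessions(network_rules(packets)):
        port_service_parser(s)
        token_service_parser(s)
        feed_parser(s)
        if application_rules(s):
            kept.append(s)
    return kept                                # what the concentrator would index

# Constructed traffic: a C2 beacon split over two packets, benign HTTP, NTP,
# SSH on port 2222, and unidentifiable noise.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "198.51.100.9", 51000, 80, b"GET /beacon HTTP/1.1\r\n"),
    Packet("10.0.0.5", "198.51.100.9", 51000, 80, b"Host: evil.example\r\n\r\n"),
    Packet("10.0.0.5", "198.51.100.10", 51001, 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("10.0.0.5", "198.51.100.11", 51002, 123, b"\x1b" + b"\x00" * 47),
    Packet("10.0.0.5", "198.51.100.12", 51003, 2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Packet("10.0.0.5", "198.51.100.13", 51004, 9999, b"\x00\x01\x02"),
]

def run_demo():
    return decoder_pipeline(SAMPLE_PACKETS)
```

Running run_demo() shows why the ordering on the data flow card matters: the network rule drops NTP before a session is ever built, the token parser identifies SSH on port 2222 where the port parser is blind, the feed can only tag evil.example because the HTTP parser produced alias.host first, and the application rules can alert on the feed hit, truncate benign HTTP, and drop the unidentified session only because they run last with all of that meta available.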