Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

18 Cards in this Set

  • Front
  • Back
What are the three main types of content in the NetWitness Live framework?
-Applcation and Netowrk Rules
What are lists ofmeta such as filesnames, IPs, domains used to classify content in Netwitness?
What are basic combinations of meta used to filter, truncate or create new meta?
- Application or Network Rules
What are used for deep inspection oftraffic or custom token identification?
- Parsers
What is the basic data flow from the decoder to the concentrator?
- Data Arrives in Decoder
- Evaluated by Network Rules
- Packets assembled into Sessions
- Evalueated by Flex and App Parsers
- Evaluated by Feed Parsers
- Evaluated by Application Rules
- Data sent to Decoder
What are 4 types of Feeds in Netwitness Live?
-Threat Feeds
-Third Party Feeds
-Self-generating Feeds
- Custom Feeds
What type of feed uses an Informer rule action result set to create an updated feed file?
-Self Generating Feeds
What type of feed would compare a list of known malware domains agaist host name meta elements?
- Threat Feed
What is an open source feed that tracks botnets and command and control exploits?
What is a feed that provides a researcher based blacklist of malware and exploits?
What is a feed that provides independent cybercrime research focused on Financial Fraud?
What types of rules does Netwitness allow users to define?
-Informer Rules
-Decoder Application Rules
-Decoder Network Rules
What rules are used to define the data collected by NetWitness at the session level?
-Application Rules
What rules are applied at the packet level?
-Network Rule
What is an open programming language for customizing logic in Netwitness?
-FLex Parser
What are the two types of Flex Parsers?
- Service indentification based on port
- Service identification based on a found token
What Flex Parser type identifiies a sesssion application type by source or destination port?
- A Flex Parser that does Service Identification based on port
What Flex Parser identifies the service type using a definable token?
- A flex parser that does Service Identification based on a found token