18 Cards in this Set
What are the three main types of content in the NetWitness Live framework?
- Feeds
- Application and Network Rules
- Parsers
What are lists of meta such as filenames, IPs, domains used to classify content in NetWitness?
- Feeds
What are basic combinations of meta used to filter, truncate or create new meta?
- Application or Network Rules
What are used for deep inspection of traffic or custom token identification?
- Parsers
What is the basic data flow from the decoder to the concentrator?
- Data Arrives in Decoder
- Evaluated by Network Rules
- Packets assembled into Sessions
- Evaluated by Flex and App Parsers
- Evaluated by Feed Parsers
- Evaluated by Application Rules
- Data sent to Decoder
What are 4 types of Feeds in NetWitness Live?
- Threat Feeds
- Third Party Feeds
- Self-generating Feeds
- Custom Feeds
What type of feed uses an Informer rule action result set to create an updated feed file?
- Self Generating Feeds
What type of feed would compare a list of known malware domains against host name meta elements?
- Threat Feed
What is an open source feed that tracks botnets and command and control exploits?
-www.malwaredomainlist.com
What is a feed that provides a researcher based blacklist of malware and exploits?
-zeustracker.abuse.ch
What is a feed that provides independent cybercrime research focused on Financial Fraud?
-www.mynetwatchman.com
What types of rules does NetWitness allow users to define?
- Informer Rules
- Decoder Application Rules
- Decoder Network Rules
What rules are used to define the data collected by NetWitness at the session level?
-Application Rules
What rules are applied at the packet level?
-Network Rule
What is an open programming language for customizing logic in NetWitness?
- Flex Parser
What are the two types of Flex Parsers?
- Service identification based on port
- Service identification based on a found token
What Flex Parser type identifies a session application type by source or destination port?
- A Flex Parser that does Service Identification based on port
What Flex Parser identifies the service type using a definable token?
- A Flex Parser that does Service Identification based on a found token