Additional Data Analysis, Session Data, Statistical Data Distinguish between full content data (including collection tools), session data (including collection tools) and statistical data (including collection tools).
Research the topics. I attached an example of a post below.
This week we are discussing the difference between full content data, session data, and statistical data. It’s important to first understand that security monitoring is an absolute must in every organization. When you have security monitoring in place, it allows the security department to gather, analyze and set up solutions to prevent any data breach.
Full content data is the most flexible form of network-based information and probably the most important. It also provides the most information and details. Full content data allows you to narrow down on specific protocols and even IP addresses and the ability to slice and dice the data into so many different ways. “It provides granularity and application relevance, which means, granularity is the collection of every nuanced bit in a packet and application relevance refers to saving the information passed above the transport layer” (Bejtlich, 2004). A few tools are TCPdump, Libpcap, Tethereal, and Snort.
Session data is a summary of a packet exchange between two systems. Session data include several core elements that includes source IP, source port, destination IP, destination port, timestamp, and can even measure the amount of information exchanged during a session. Session data collects everything and anything it sees, which makes tracking hackers possible. Some tools that can be used is Cisco’s NetFlow, Fprobe, and Ng_netflow.
Statistical data is used to identify and validate intrusions. It allows you to review and summarize a collection of data in a clear way. Statistical data can be used to create a baseline and see what has been triggered. It allows you to have a better understanding of what is happening to the network. A few tools are cisco accounting, Ipcad, Ifstat, and Bmon.
Thank you ????
Bejtlich, R. (2004). The Tao of Network Security Monitoring Beyond Intrusion Detection. Addison-Wesley Professional.