Network security data comes from a number of different sources. Packet captures are an important way of identifying an intrusion into a system, but other systems detect, defeat, and deter threats as well, and each of them produces its own data. This data is vital for seeing what is being sent across the network, by whom and to whom, and, most importantly, for determining what is causing that traffic.
In this chapter we will look at different network security files and identify the pieces of information each one provides. This is a recurring topic on the 210-255 exam and an important part of the job of a SOC analyst.
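To make the "who is talking to whom" point concrete, the following added example (not code from the original chapter, and not tied to any particular tool) builds a small classic-format pcap file in memory from constructed packets and then parses it back with the standard library alone, pulling out the source and destination addresses, ports and TCP flags of each packet. The packet bytes, addresses and ports are constructed test data; checksums are left at zero because the parser never validates them. Only the classic pcap format with Ethernet link type is handled; pcapng files are rejected rather than misread.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_tcp_packet(src_ip: str, dst_ip: str, sport: int, dport: int,
                     flags: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for test data (checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp


def build_pcap(packets: List[bytes]) -> bytes:
    """Wrap raw frames in a little-endian classic pcap file (constructed data)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


@dataclass
class PacketSummary:
    ts_sec: int
    src: str
    dst: str
    proto: int
    sport: Optional[int]
    dport: Optional[int]
    tcp_flags: Optional[int]


def _parse_frame(pkt: bytes, ts_sec: int) -> Optional[PacketSummary]:
    """Decode Ethernet -> IPv4 -> TCP/UDP headers; return None for anything else."""
    if len(pkt) < 14 or struct.unpack("!H", pkt[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = pkt[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if len(ip) < ihl:
        return None
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    sport = dport = flags = None
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6 and len(l4) >= 14:
            flags = l4[13]          # TCP flags byte (SYN = 0x02, SYN/ACK = 0x12)
    return PacketSummary(ts_sec, src, dst, proto, sport, dport, flags)


def parse_pcap(data: bytes) -> List[PacketSummary]:
    """Walk the records of a classic pcap file and summarise each IPv4 packet."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                # file written by a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    offset, summaries = 24, []
    while offset + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        pkt = data[offset:offset + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated record at the end of the capture")
        offset += incl_len
        summary = _parse_frame(pkt, ts_sec)
        if summary is not None:
            summaries.append(summary)
    return summaries


def conversations(summaries: List[PacketSummary]) -> Dict[Tuple, int]:
    """Count packets per (src, dst, proto, sport, dport): who talks to whom."""
    counts: Dict[Tuple, int] = {}
    for s in summaries:
        key = (s.src, s.dst, s.proto, s.sport, s.dport)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    capture = build_pcap([
        build_tcp_packet("10.0.0.5", "192.168.1.10", 40000, 443, 0x02),   # SYN
        build_tcp_packet("192.168.1.10", "10.0.0.5", 443, 40000, 0x12),   # SYN/ACK
    ])
    for key, n in conversations(parse_pcap(capture)).items():
        print(key, n)
```

The same `parse_pcap` function works on a real file read with `open(path, "rb").read()`, as long as it is a classic pcap with Ethernet frames; the truncated-record check matters in practice because captures interrupted mid-write are common and silently mis-parsing the tail would hide the last packets seen before a sensor died.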
The following topics will be covered in this chapter:
- PCAP files and Wireshark
- Alert identification
- Security technologies and their reports
- Evaluating alerts
- Decisions and errors