Effective Threat Investigation for SOC Analysts

A flow, commonly known as NetFlow, is network session information generated by network devices, such as routers and layer 3 switches, to aid network engineers when troubleshooting network issues. Flows go by several names, depending on the device vendor: for example, Cisco devices use NetFlow (the most common and well-known flow protocol), Juniper devices use J-Flow, and HP devices use NetStream.
Regardless of the name of the protocol used to generate the network session information, the generated information includes at least the following details:
Most SIEM solutions provide an integration capability to receive flows from different network devices. As an SOC analyst, you should take advantage of the network...