STRM Users Guide
GLOSSARY
Network Weight
The numerical value applied to each network that signifies the importance of the
network. The network weight is user-defined.
offense
Includes multiple events from one host.
Open Systems Interconnection (OSI)
A framework of ISO standards for communication between different systems made
by different vendors, in which the communications process is organized into seven
different categories that are placed in a layered sequence based on their
relationship to the user. Each layer uses the layer immediately below it and
provides a service to the layer above. Layers 7 through 4 deal with end-to-end
communication between the message source and destination, and layers 3
through 1 deal with network functions.
OSI
See Open Systems Interconnection.
Packeteer
Packeteer devices collect, aggregate, and store network performance data. Once
you configure an external flow source for Packeteer, you can send flow information
from a Packeteer device to STRM.
package
Sentry component that contains the objects (variable default values) that are
forwarded to the Logic Unit to determine if an alert needs to be generated. For a
sentry, all variables in the package configuration overwrite the Logic Unit variables.
The objects are created from any defined STRM views, with the exception of the
main network view. For example, a package may contain all applications that you
wish to monitor for inappropriate use.
payload data
The actual application data, excluding any header or administrative information,
contained in an IP flow.
pivot
Allows you to filter using additional views, while maintaining the same time period
and other filtering options that you have already defined. The list of available views
in the Pivot box is updated dynamically depending upon the current QRL Definition
and current graph.
port view
Allows you to view network activity that is classified and monitored according to the
purpose of the ports used by different applications.
protocol
A set of rules and formats that determines the communication behavior of layer
entities in the performance of the layer functions. It may still require an
authorization exchange with a policy module or external policy server prior to
admission.
protocol view
You can classify network activity by protocols. The protocol view allows you to
view network activity by protocol.
QFlow Collector
Collects data from devices and various live or recorded data feeds, such as
network taps, span/mirror ports, NetFlow, and STRM flow logs.