Advanced Security Analytics Module (ASAM) Event Lists
The chain is only as strong as its weakest link. It is not the number of security holes plugged that matters most, but the one significant crack through which the whole network can be breached. The number of events to be monitored depends on how effective your NBA system is and on the intensity of the threats posed to your network. Monitoring all of these events can become quite tedious, more so with the inclusion of false positives; but with such high stakes, every single alert raised needs to be monitored. There are, of course, ways to reduce the false positives and to make the reports easy to understand. Beyond reducing false positives, classifying and organizing the events and problems makes the job easier for you.
The 'Event List' in ASAM lists, classifies and organizes all the events that might indicate attacks. ASAM also assigns a severity to each event, which lets you prioritize your actions. The event list shows the following details for each event:
- ID - A unique ID assigned to every event; you can use it for ease of identification
- Problem - The class and name of the event
- Offender - This is the offender host for this event
- Routed Via - The various routers through which this flow was routed
- Target - This is the target host for this event
- Time - The time at which the flows for this event arrived
- Hits - The number of flows belonging to this problem
- Severity - ASAM assigns the severity of the event
- Status - Depending on whether the problem has been worked on, you can change the status between open, closed and ignored
- Detail View - This lets you drill down into the problem
ASAM Event Filter Options
ASAM also gives a user-friendly advanced filter option that helps you fine-tune your report. This filter narrows down the security snapshot report based on the criteria you provide. The available criteria are class / problem, target entity / host, offender entity / host, router / interface name, severity and status.
No one knows your network better than you. You might be running an in-house application on a server whose traffic an NBA system could flag as a suspicious flow. In a case like that, ASAM gives you several ways to disable, ignore or discard such false positives:
- Manage Problems
- Discard Flows
- Ignore Events
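To make the event-list fields, the filter criteria and the open/closed/ignored handling described above concrete, here is an added example in Python that models an event list of the same shape; it is not ASAM's own code, and the severity scale, the field names and the sample events are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, replace
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed scale; the page gives none
STATUSES = {"open", "closed", "ignored"}                           # the three statuses the page names

@dataclass
class Event:
    id: int
    problem: str        # "Class/Problem", e.g. "Scan/Port Scan"
    offender: str       # offending host
    routed_via: list    # routers the flow passed through
    target: str         # target host
    time: str
    hits: int           # number of flows belonging to this problem
    severity: str
    status: str = "open"

# Constructed sample events, not real ASAM output
EVENTS = [
    Event(101, "Scan/Port Scan", "10.0.0.5", ["rtr-core"], "10.0.1.20", "10:00", 340, "high"),
    Event(102, "DoS/SYN Flood", "203.0.113.9", ["rtr-edge", "rtr-core"], "10.0.1.20", "10:05", 9800, "critical"),
    Event(103, "Scan/Port Scan", "10.0.0.7", ["rtr-core"], "10.0.2.30", "10:07", 120, "medium"),
    Event(104, "Anomaly/Unusual Service", "10.0.0.50", ["rtr-core"], "10.0.1.21", "10:09", 15, "low"),
]

def filter_events(events, problem=None, target=None, offender=None,
                  router=None, severity=None, status=None):
    """Narrow the list by the page's filter criteria (None = any); `problem` matches "Class/Problem" or just the class."""
    checks = [
        (problem, lambda e: problem in (e.problem, e.problem.split("/")[0])),
        (target, lambda e: e.target == target),
        (offender, lambda e: e.offender == offender),
        (router, lambda e: router in e.routed_via),
        (severity, lambda e: e.severity == severity),
        (status, lambda e: e.status == status),
    ]
    return [e for e in events if all(ok(e) for crit, ok in checks if crit is not None)]

def set_status(event, new_status):
    """Return a copy with the status changed; only open/closed/ignored are valid."""
    if new_status not in STATUSES:
        raise ValueError(f"unknown status {new_status!r}")
    return replace(event, status=new_status)

def ignore_known_good(events, in_house_servers):
    """False-positive handling: open events whose offender is a known in-house server become ignored."""
    return [set_status(e, "ignored") if e.status == "open" and e.offender in in_house_servers else e for e in events]

def triage_order(events):
    """Open events only, highest severity first, then most hits: the most significant crack comes first."""
    return sorted((e for e in events if e.status == "open"), key=lambda e: (-SEVERITY_RANK[e.severity], -e.hits))
```

Running `triage_order(ignore_known_good(EVENTS, {"10.0.0.50"}))` yields the SYN flood first and drops the in-house server's low-severity anomaly from the work queue while keeping it on the list as ignored.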
ASAM, offered as a simple add-on module for NetFlow Analyzer, leverages the underlying platform's agentless centralized data collection and forensic analysis capabilities. NetFlow Analyzer is a robust, scalable and proven platform offering bandwidth monitoring and unified traffic analytics.