Signature-based = X is bad, alert me when you see X
Behavior-based = X then Y then Z is bad, alert me when you see X then Y then Z
Heuristic/Anomaly = A, B, D, G, F, S, T, X, Z are normal, alert me when you see anything other than those
Will you be my official tech translator? lol In all seriousness thank you so much for breaking this down to such a simple example.
Huehuehue welcome to my world Ell.
Pst.... Ricky it's scary in here.
Heuristics may also be a combination of behaviour and anomaly. Processes A B C are normal, as are D E F. Processes A C E running without B D F is not normal. Heuristics is using what you know along with rules to determine if a behaviour presents a threat.
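As an added illustration (not code from any poster in the thread), the three styles from the first post plus the "group of processes runs together" heuristic from the reply above, written as small Python matchers over a constructed event stream. The process names and the "normal" set come from the posts; the function names and the sample stream are assumptions made for the example.

```python
"""Signature, behaviour, anomaly and combined heuristic detection, as
described in the thread, over a constructed stream of process names."""

# Constructed sample event stream: one observed process name per event.
SAMPLE_EVENTS = ["A", "B", "C", "X", "D", "Q", "Y", "Z", "F"]


def signature(events, bad):
    """Signature-based: X is bad, alert on every occurrence of X."""
    return [i for i, e in enumerate(events) if e == bad]


def behaviour(events, sequence):
    """Behaviour-based: X then Y then Z is bad. Alert when the tokens of
    `sequence` are seen in that order (other events may sit in between).
    Returns (start_index, end_index) for each completed sequence."""
    hits, pos, start = [], 0, None
    for i, e in enumerate(events):
        if e == sequence[pos]:
            if pos == 0:
                start = i
            pos += 1
            if pos == len(sequence):
                hits.append((start, i))
                pos, start = 0, None
    return hits


def anomaly(events, normal):
    """Anomaly-based: a fixed set is normal, alert on anything else."""
    return [(i, e) for i, e in enumerate(events) if e not in normal]


def heuristic(events, groups):
    """Combined heuristic from the reply: processes in a group normally run
    together, so seeing some members without the rest is not normal.
    Returns (present_members, missing_members) per incomplete group."""
    seen = set(events)
    alerts = []
    for group in groups:
        present = group & seen
        if present and present != group:
            alerts.append((sorted(present), sorted(group - present)))
    return alerts
```

The "normal" set used for the anomaly check is the one from the first post, so X and Z pass it while Y (and the constructed Q) are flagged.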
To add on to the above. Behavioral detection is built on knowing or identifying normal occurrences then detecting detractors. Easy example: Someone successfully completes a telnet connection to port 666. Odd. Probably worth getting a pcap and yeeting that connection.
It gets complicated when you consider all the variables that may be associated with individual applications, various protocols, down to TCP/UDP behaviors. Add in host detections and logs and the ocean gets deeper.