Page 13 - Cyber Warnings







Aha! That analytical pivot produces the graph above, which shows two obvious spikes that are well
above average. Below, we zoom in on the time of the spikes.
































Analyzing Unique Source IPs



The spikes themselves are suspicious, but is this just a large data file transfer? We can find out
by looking at how many different source IPs are sending traffic. Note that host-level detail takes
us beyond the point where summary information is enough: at this point, we are analyzing raw
NetFlow record details.
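
The same pivot as an added example (not code from the original article): bucket raw flow records by minute, flag buckets well above average, and count the distinct source IPs in each flagged bucket. The record layout, the thresholds and the sample flows are constructed assumptions; map the fields from your own collector's export.

```python
from collections import defaultdict
from statistics import mean

def build_sample():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, bytes)."""
    flows = []
    for minute in range(10):            # baseline: three hosts every minute
        for host in (1, 2, 3):
            flows.append((minute * 60 + host, f"10.0.0.{host}", "192.0.2.10", 40_000))
    # Minute 4: one host moves a large file.
    flows.append((4 * 60 + 30, "10.0.0.2", "192.0.2.10", 5_000_000))
    # Minute 7: the same volume arrives from 200 distinct sources.
    for i in range(200):
        flows.append((7 * 60 + i % 60, f"198.51.100.{i + 1}", "192.0.2.10", 25_000))
    return flows

def profile(flows, bucket_seconds=60):
    """Return per-bucket byte totals and sets of distinct source IPs."""
    total, sources = defaultdict(int), defaultdict(set)
    for ts, src, _dst, nbytes in flows:
        bucket = ts // bucket_seconds
        total[bucket] += nbytes
        sources[bucket].add(src)
    return total, sources

def classify_spikes(flows, bucket_seconds=60, factor=3.0, many_sources=20):
    """Flag buckets whose bytes exceed factor * average, with source counts."""
    total, sources = profile(flows, bucket_seconds)
    if not total:
        return {}
    # The average includes the spikes themselves, so keep the factor modest.
    threshold = factor * mean(total.values())
    spikes = {}
    for bucket in sorted(total):
        if total[bucket] > threshold:
            n = len(sources[bucket])
            label = "many-sources" if n >= many_sources else "few-sources"
            spikes[bucket] = (total[bucket], n, label)
    return spikes

if __name__ == "__main__":
    for bucket, (nbytes, n, label) in classify_spikes(build_sample()).items():
        print(f"minute {bucket}: {nbytes} bytes from {n} source IPs -> {label}")
```

Both constructed spikes carry the same byte volume, so only the distinct-source count separates the single large transfer from traffic arriving from many hosts.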































13 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
