Network Forensics & Security Analytics

Initial filtering in Security Analytics 

Nov 20, 2019 12:43 PM

A logical first step when looking for a suspected event in Security Analytics is to use the Timespan filtering capability. Restricting a search to a specific window of time reduces the amount of data that has to be searched: narrower timespans result in smaller data sets and therefore quicker results than larger timespans. This is most effective if you have a good idea of when the traffic you are looking for was captured by Security Analytics. If you do not know when an event occurred, filter first using a primary filter to narrow down to specific criteria, such as a known IP address or responder. Once this initial filtering has been completed, a timespan filter can be used to shrink the window of time until the specific event has been found.

More information on filtering can be found in the Security Analytics Web Guide.
