Data Correlation and Analytics - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Point-in-time data analysis

  • Packet analysis

  • Protocol analysis

  • Traffic analysis

  • Netflow analysis

  • Wireless analysis

  • Data correlation and analytics

  • Anomaly analysis
    • Requires a baseline to establish what "normal" looks like
    • Looks for irregularities
  • Trend analysis
    • Predictive model
    • Uses existing data to predict future data
    • Not used much for security analysis
    • Used more for resource usage
      • What services/equipment will we need/need more of
  • Availability analysis
    • Used to analyze the availability of a resource, or resources
    • Finding that a certain device/service has been unavailable more often could mean that system/service has been targeted
  • Heuristic analysis
    • Used to detect unknown threats based on behavior
    • By inspecting traffic before allowing it to flow, it can be checked for suspicious/unidentified behavior
    • Some systems can even test unidentified/suspicious traffic for malfeasance
  • Behavioral analysis
    • Similar to heuristic analysis
    • Looks for suspicious behavior in traffic
      • Like a cop
      • Are odd TCP connections being made between hosts?
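The two checks from the outline that lend themselves to code are anomaly analysis (build a baseline, then flag irregularities against it) and behavioral analysis (are hosts making TCP connections they never made before?). The following is an added example written for this page, not code from the wiki or its author. It assumes flow records shaped like netflow summaries, with a constructed "known good" baseline window and a constructed observation window; the hosts, ports and byte counts are made up for illustration.

```python
"""Baseline-driven anomaly and behavioral analysis over flow records.

Added example (not from the original wiki page). Each record is a
constructed netflow-style tuple: (hour, src, dst, proto, dport, bytes).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline window: what "normal" looked like for four hours.
BASELINE_FLOWS = [
    (1, "10.0.0.5", "10.0.0.10", "tcp", 443, 1000),
    (2, "10.0.0.5", "10.0.0.10", "tcp", 443, 1100),
    (3, "10.0.0.5", "10.0.0.10", "tcp", 443, 900),
    (4, "10.0.0.5", "10.0.0.10", "tcp", 443, 1000),
    (1, "10.0.0.7", "10.0.0.10", "tcp", 443, 500),
    (2, "10.0.0.7", "10.0.0.10", "tcp", 443, 500),
    (3, "10.0.0.7", "10.0.0.53", "udp", 53, 120),
    (4, "10.0.0.7", "10.0.0.10", "tcp", 443, 500),
]

# Constructed observation window to analyze against the baseline.
OBSERVED_FLOWS = [
    (5, "10.0.0.5", "10.0.0.10", "tcp", 443, 1050),   # ordinary volume
    (6, "10.0.0.5", "10.0.0.10", "tcp", 443, 900),
    (6, "10.0.0.5", "10.0.0.99", "tcp", 22, 48000),   # new peer, big transfer
    (5, "10.0.0.7", "10.0.0.10", "tcp", 443, 500),
    (5, "10.0.0.9", "10.0.0.10", "tcp", 443, 300),    # host with no baseline
]


def build_baseline(records):
    """Per-source hourly byte totals, plus the set of TCP (src, dst, dport)
    pairs that were seen during the baseline window."""
    hourly = defaultdict(lambda: defaultdict(int))
    pairs = set()
    for hour, src, dst, proto, dport, nbytes in records:
        hourly[src][hour] += nbytes
        if proto == "tcp":
            pairs.add((src, dst, dport))
    return {src: list(h.values()) for src, h in hourly.items()}, pairs


def volume_anomalies(baseline_hourly, records, threshold=3.0):
    """Anomaly analysis: flag (src, hour) whose byte total sits more than
    `threshold` standard deviations from that host's baseline mean.
    Hosts without any baseline cannot be judged and are reported as such."""
    observed = defaultdict(lambda: defaultdict(int))
    for hour, src, _dst, _proto, _dport, nbytes in records:
        observed[src][hour] += nbytes

    findings = []
    for src, hours in observed.items():
        history = baseline_hourly.get(src)
        if not history:
            findings.append({"src": src, "hour": None, "bytes": sum(hours.values()),
                             "z": None, "reason": "no baseline for host"})
            continue
        mu, sigma = mean(history), pstdev(history)
        for hour, total in hours.items():
            if sigma == 0:
                # Baseline never varied, so any change at all is irregular.
                z = float("inf") if total != mu else 0.0
            else:
                z = (total - mu) / sigma
            if abs(z) > threshold:
                findings.append({"src": src, "hour": hour, "bytes": total,
                                 "z": round(z, 1),
                                 "reason": f"volume {total} vs baseline mean {mu}"})
    return findings


def new_tcp_pairs(baseline_pairs, records):
    """Behavioral analysis: TCP (src, dst, dport) combinations that never
    appeared in the baseline window, i.e. "odd" connections between hosts."""
    seen_now = {(src, dst, dport)
                for _h, src, dst, proto, dport, _b in records if proto == "tcp"}
    return sorted(seen_now - baseline_pairs)


def run_analysis(baseline=BASELINE_FLOWS, observed=OBSERVED_FLOWS):
    """Run both checks and return their findings together."""
    hourly, pairs = build_baseline(baseline)
    return {"volume": volume_anomalies(hourly, observed),
            "new_pairs": new_tcp_pairs(pairs, observed)}


if __name__ == "__main__":
    for finding in run_analysis()["volume"]:
        print("volume:", finding)
    for pair in run_analysis()["new_pairs"]:
        print("new tcp pair:", pair)
```

The baseline is the whole point: without the first window, neither check can say what is irregular, which is why a host with no history is reported separately rather than silently passed. On the constructed data the volume check flags 10.0.0.5 in hour 6 and notes that 10.0.0.9 has no baseline, and the behavioral check surfaces the 10.0.0.5 to 10.0.0.99:22 connection and 10.0.0.9's first-ever connection as pairs worth a look.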