offline:wrccdc_pcaps_results
Revision: offline:wrccdc_pcaps_results [2018/05/12 23:39] – [Get an overview of flow activity] veera
Revision: offline:wrccdc_pcaps_results [2018/05/12 23:41] – [Viewing IDS Alerts] veera
==== Viewing IDS Alerts ====
    
Another good place to establish a baseline. Recall from Part 1 that, in addition to Trisul, we also run Suricata with all rules from the ET-Open ruleset. The alerts it generates give a fairly good picture of the hygiene of the network. In this case, as you would expect, there are a large number of NMAP scan alerts, a few ETERNALBLUE alerts, and assorted others. You can use the "Search" form at the top to filter further. For now, though, this already gives us a reasonable baseline from this angle.
  
{{ :offline:wrccdc1.png?direct&400 |}}
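The screenshot above shows the alert view in the UI. If you would rather build the same baseline from Suricata's own output, the following added example (written for this page, not code from Trisul, Suricata or the WRCCDC write-up) does it over eve.json: it keeps only `event_type: alert` records, tolerates the non-JSON or truncated lines that appear when reading a live log, counts how often each rule fired, offers a case-insensitive search over signature and category (the equivalent of the UI's "Search" form), and pivots from a rule to the source hosts that triggered it. The log records, hosts, timestamps and signature IDs embedded below are constructed for the example; only the signature names mimic the ET-Open naming style.

```python
import json
import re
from collections import Counter

# Constructed Suricata eve.json records for illustration only. The hosts,
# timestamps and signature_id values are made up and are not taken from the
# WRCCDC pcaps; the signature strings merely follow the ET-Open naming style.
# One non-alert (flow) event and one non-JSON line are included deliberately
# to exercise the filtering and error handling below.
SAMPLE_EVE = """\
{"timestamp":"2018-03-24T09:00:01.000000-0700","event_type":"alert","src_ip":"10.10.1.5","dest_ip":"10.10.2.10","dest_port":22,"proto":"TCP","alert":{"signature_id":9000001,"signature":"ET SCAN NMAP -sS window 1024","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2018-03-24T09:00:01.200000-0700","event_type":"alert","src_ip":"10.10.1.5","dest_ip":"10.10.2.11","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"ET SCAN NMAP -sS window 1024","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2018-03-24T09:00:01.400000-0700","event_type":"alert","src_ip":"10.10.1.5","dest_ip":"10.10.2.11","dest_port":443,"proto":"TCP","alert":{"signature_id":9000001,"signature":"ET SCAN NMAP -sS window 1024","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2018-03-24T09:00:02.000000-0700","event_type":"flow","src_ip":"10.10.1.5","dest_ip":"10.10.2.11","dest_port":80,"proto":"TCP"}
{"timestamp":"2018-03-24T09:00:03.000000-0700","event_type":"alert","src_ip":"10.10.1.6","dest_ip":"10.10.2.12","dest_port":445,"proto":"TCP","alert":{"signature_id":9000002,"signature":"ET SCAN NMAP OS Detection Probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2018-03-24T09:05:00.000000-0700","event_type":"alert","src_ip":"10.10.1.6","dest_ip":"10.10.2.12","dest_port":445,"proto":"TCP","alert":{"signature_id":9000003,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2018-03-24T09:05:00.500000-0700","event_type":"alert","src_ip":"10.10.1.6","dest_ip":"10.10.2.13","dest_port":445,"proto":"TCP","alert":{"signature_id":9000003,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request","category":"Attempted Administrator Privilege Gain","severity":1}}
this line is deliberately not JSON
"""


def parse_alerts(eve_text):
    """Return only the alert records from eve.json text.

    Other event types (flow, dns, http, ...) are skipped, as are lines that
    do not parse as JSON, which happens with a partially written last line
    when reading a log that Suricata is still appending to.
    """
    alerts = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            alerts.append(rec)
    return alerts


def count_by_signature(alerts):
    """Baseline view: how many times each rule fired, most frequent first."""
    return Counter(a["alert"]["signature"] for a in alerts).most_common()


def search(alerts, pattern):
    """Equivalent of the UI's Search form: case-insensitive regex match on
    the signature name or the rule category."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [
        a for a in alerts
        if rx.search(a["alert"]["signature"]) or rx.search(a["alert"]["category"])
    ]


def sources_for(alerts, pattern):
    """Pivot from a rule to the hosts triggering it.

    Returns {src_ip: (alert_count, sorted_destination_ports)} for every alert
    whose signature or category matches `pattern`.
    """
    by_src = {}
    for a in search(alerts, pattern):
        entry = by_src.setdefault(a["src_ip"], {"count": 0, "ports": set()})
        entry["count"] += 1
        entry["ports"].add(a["dest_port"])
    return {ip: (v["count"], sorted(v["ports"])) for ip, v in by_src.items()}


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_EVE)
    print(f"{len(alerts)} alert records")
    for sig, n in count_by_signature(alerts):
        print(f"{n:5d}  {sig}")
    print("ETERNALBLUE sources:", sources_for(alerts, "eternalblue"))
```

To run it against a real capture, replace `SAMPLE_EVE` with the contents of the eve.json Suricata writes after `suricata -r <file.pcap>` (by default under /var/log/suricata/). On a busy network the first step after `count_by_signature` is usually to search for the noisy scan signatures, note which source hosts produce them, and set those aside so the rarer, higher-severity alerts such as ETERNALBLUE stand out.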
offline/wrccdc_pcaps_results.txt · Last modified: 2018/05/13 00:08 by veera