以后可以考虑的方向,在stealwatch里包含:

ad Injector

click fraud

cryptocurrency miner

exploit kit

malicious advertising

malicious conetent distribution

maney scam

PUA

scareware

spam botnet

spam tracking

cryptowall

ramnit

sality

SMB service discovery:貌似是直接看445端口是否开放

DNS sinkhole

ICMP burst

unexpected DNS usage

SSH creacking

torrent

excessive communication

vlunerability scanning tool

phishing

TOR

----

注意: C&C/TOR/Bogon/Fake App(需要流探针)

检测挖矿的方法:内外的网络流量是否很大,看来是根据挖矿的流量特征来进行检测的。需要手动配置,做得比较low。

DDoS Source: Indicates that a host
has been identified as the source
of a DDoS attack 还会检测ddos source和target

DDoS Target: Indicates that a host
as been identified as a the target of
a DDoS attack.

Data Hoarding: Indicates that a
source or target host within a network
has downloaded an unusual amount
of data from one or more hosts.

Exfiltration: Tracks inside and
outside hosts to which an abnormal
amount of data has been
transferred. 内外通信的网络流量异常

stealwatch的检测数据包括流量、web logs。。。

BehaviourBehaviour Behaviour Behaviour BehaviourBehaviourAnalysisAnalysisAnalysis AnalysisAnalysisAnalysisSuspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in

stealwatch里的安全功能——ETA结果会显示加密套件以及key长度,还有流量大小(例如41MB)的更多相关文章

  1. case when里的like功能 ////// 截取(substr)

    case when里的like功能 假如要用到case when又要用到like这样的功能,即如果字符串包含‘语文’就怎么怎么样,包含‘数学’就怎么怎么样,包含‘英语’就怎么怎么样,like是用于wh ...

  2. leaflet 实现克里金插值功能(附源码下载)

    前言 leaflet 入门开发系列环境知识点了解: leaflet api文档介绍,详细介绍 leaflet 每个类的函数以及属性等等 leaflet 在线例子 leaflet 插件,leaflet ...

  3. SAP S4HANA里委外加工采购功能的变化

    SAP S4HANA里委外加工采购功能的变化 [Part 1:主要变化点] 1.1,采购订单界面上的变化, 1.2, 新的事务代码: ME2ON (Subcontracting Cockpit), 1 ...

  4. Javascript中双等号(==)隐性转换机制 JS里charCodeAt()和fromCharCode()方法拓展应用:加密与解密

    Javascript中双等号(==)隐性转换机制   在Javascript中判断相等关系有双等号(==)和三等号(===)两种.其中双等号(==)是值相等,而三等号(===)是严格相等(值及类型是否 ...

  5. 尝试一下sql server2016里面的json功能

    前2天下载了一个2016的rc版本来玩一下,首先感觉是~开发者版本免费啦!!撒花!!!另外一个东西,sql server 2016能支持json 的解析和应用啦,虽然我不知道它的性能如何,先来一发测试 ...

  6. VirtualBoX虚拟机里安装linux系统,在虚拟系统里安装增强功能报错解决方法

    http://www.cnblogs.com/MoShin/archive/2012/04/25/2469156.html 当我们在虚拟机里安装lixunx系统,避免不了的要安装增强功能,无论是视觉效 ...

  7. MAC电脑里的休眠功能在哪里?

    Windows7和Ubuntu里都有睡眠和休眠功能,睡眠一般是指挂起到内存,电脑停止运行,数据都在内存里,只需要给内存供电,恢复时很快:休眠是指挂起到硬盘,电脑可以完全停止供电,恢复时从硬盘读取数据, ...

  8. JumpServer里的sftp功能报错说明

    JumpServer里sftp默认的家目录是/tmp下 修改默认家目录: vim /usr/local/coco/coco/sftp.py class SFTPServer(paramiko.SFTP ...

  9. sql server2016里面的json功能 - 转

    测试一下基本的,从查询结果里面构造一个json 的格式 create table t1(ID int identity,name nvarchar(50),Chinese int ,Math int) ...

随机推荐

  1. bzoj 1036: [ZJOI2008]树的统计Count 树链剖分+线段树

    1036: [ZJOI2008]树的统计Count Time Limit: 10 Sec  Memory Limit: 162 MBSubmit: 16294  Solved: 6645[Submit ...

  2. python 传递多个参数

    def oper(a,*args): print(args) print(a) oper("q","s","d","z" ...

  3. python 部分函数

    abs(number) ,返回数字的绝对值cmath.sqrt(number) ,返回平方根,也可以应用于负数float(object) ,把字符串和数字转换为浮点数help() ,提供交互式帮助in ...

  4. prometheus的agent 二次开发代码参考

    import com.codahale.metrics.MetricRegistry;import io.prometheus.client.CollectorRegistry;import io.p ...

  5. leecode第二十六题(删除排序数组中的重复项)

    class Solution { public: int removeDuplicates(vector<int>& nums) { int len=nums.size(); ) ...

  6. tomcat去除项目名部署

    实现方式及原理: 方式一: 原理:Tomcat的默认根目录是ROOT,实际上ROOT这个项目在实际生产环境是没有用的,所以我们可以用我们的项目覆盖ROOT项目 操作过程: 1.删除ROOT下所有文件及 ...

  7. Mac Python PyQt5 环境搭建

    pip install pyqt5 测试开发环境 在Terminal里敲下以下代码,如果没有报错就说明安装成功了. python -c "import PyQt5" 或是如下图,导 ...

  8. [ /* 和 / 的区别 ] Difference between / and /* in servlet mapping url pattern

    <url-pattern>/*</url-pattern> The /* on a servlet overrides all other servlets, includin ...

  9. 雷林鹏分享:XML 注意事项

    XML 注意事项 这里列出了您在使用 XML 时应该尽量避免使用的技术. Internet Explorer - XML 数据岛 它是什么?XML 数据岛是嵌入到 HTML 页面中的 XML 数据. ...

  10. BGP - 2,BGP报文和BGP状态

    1,BGP报文      Open:建邻居,交换version.AS号.holdtime.BGP identifier(即RouterID).可选参数长度.可选参数.      Keepalive:保 ...