以后可以考虑的方向,在stealwatch里包含:

ad Injector

click fraud

cryptocurrency miner

exploit kit

malicious advertising

malicious conetent distribution

maney scam

PUA

scareware

spam botnet

spam tracking

cryptowall

ramnit

sality

SMB service discovery:貌似是直接看445端口是否开放

DNS sinkhole

ICMP burst

unexpected DNS usage

SSH creacking

torrent

excessive communication

vlunerability scanning tool

phishing

TOR

----

注意: C&C/TOR/Bogon/Fake App(需要流探针)

检测挖矿的方法:内外的网络流量是否很大,看来是根据挖矿的流量特征来进行检测的。需要手动配置,做得比较low。

DDoS Source: Indicates that a host
has been identified as the source
of a DDoS attack 还会检测ddos source和target

DDoS Target: Indicates that a host
as been identified as a the target of
a DDoS attack.

Data Hoarding: Indicates that a
source or target host within a network
has downloaded an unusual amount
of data from one or more hosts.

Exfiltration: Tracks inside and
outside hosts to which an abnormal
amount of data has been
transferred. 内外通信的网络流量异常

stealwatch的检测数据包括流量、web logs。。。

BehaviourBehaviour Behaviour Behaviour BehaviourBehaviourAnalysisAnalysisAnalysis AnalysisAnalysisAnalysisSuspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in

stealwatch里的安全功能——ETA结果会显示加密套件以及key长度,还有流量大小(例如41MB)的更多相关文章

  1. case when里的like功能 ////// 截取(substr)

    case when里的like功能 假如要用到case when又要用到like这样的功能,即如果字符串包含‘语文’就怎么怎么样,包含‘数学’就怎么怎么样,包含‘英语’就怎么怎么样,like是用于wh ...

  2. leaflet 实现克里金插值功能(附源码下载)

    前言 leaflet 入门开发系列环境知识点了解: leaflet api文档介绍,详细介绍 leaflet 每个类的函数以及属性等等 leaflet 在线例子 leaflet 插件,leaflet ...

  3. SAP S4HANA里委外加工采购功能的变化

    SAP S4HANA里委外加工采购功能的变化 [Part 1:主要变化点] 1.1,采购订单界面上的变化, 1.2, 新的事务代码: ME2ON (Subcontracting Cockpit), 1 ...

  4. Javascript中双等号(==)隐性转换机制 JS里charCodeAt()和fromCharCode()方法拓展应用:加密与解密

    Javascript中双等号(==)隐性转换机制   在Javascript中判断相等关系有双等号(==)和三等号(===)两种.其中双等号(==)是值相等,而三等号(===)是严格相等(值及类型是否 ...

  5. 尝试一下sql server2016里面的json功能

    前2天下载了一个2016的rc版本来玩一下,首先感觉是~开发者版本免费啦!!撒花!!!另外一个东西,sql server 2016能支持json 的解析和应用啦,虽然我不知道它的性能如何,先来一发测试 ...

  6. VirtualBoX虚拟机里安装linux系统,在虚拟系统里安装增强功能报错解决方法

    http://www.cnblogs.com/MoShin/archive/2012/04/25/2469156.html 当我们在虚拟机里安装lixunx系统,避免不了的要安装增强功能,无论是视觉效 ...

  7. MAC电脑里的休眠功能在哪里?

    Windows7和Ubuntu里都有睡眠和休眠功能,睡眠一般是指挂起到内存,电脑停止运行,数据都在内存里,只需要给内存供电,恢复时很快:休眠是指挂起到硬盘,电脑可以完全停止供电,恢复时从硬盘读取数据, ...

  8. JumpServer里的sftp功能报错说明

    JumpServer里sftp默认的家目录是/tmp下 修改默认家目录: vim /usr/local/coco/coco/sftp.py class SFTPServer(paramiko.SFTP ...

  9. sql server2016里面的json功能 - 转

    测试一下基本的,从查询结果里面构造一个json 的格式 create table t1(ID int identity,name nvarchar(50),Chinese int ,Math int) ...

随机推荐

  1. hdu 1392 Surround the Trees 凸包裸题

    Surround the Trees Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Other ...

  2. c++ demo

    #include "stdafx.h" #include <boost\version.hpp> #include <boost\config.hpp> # ...

  3. module.exports小程序模块化,require

    小程序模块化 可以将一些公共的代码抽离成为一个单独的 js 文件,作为一个模块.模块只有通过 module.exports 或者 exports 才能对外暴露接口. tips:exports 是 mo ...

  4. MATLAB数据类型

    数据类型 1数值类型 @整数 *浮点型转整数型的转换函数,将数值转换为最为接近的整数值,若分数部分为0.5时,转换为最接近的两个整数中绝对值较大的一个. *取整函数: floor(x)向下取整 cei ...

  5. php 建站 多域名配置 自定义重定向

    1. 申请一个域名 , 当多个域名使用. 比如 申请一个顶级域名为 .com 后缀的一级域名 :mine.com, 一般允许绑定四五个二级域名,比如 www.mine.com  . mine.mine ...

  6. 网页常见单位: px em pt % rem vw、vh、vmin、vmax , rem 使用

    1.网页常见单位:  px  em  pt    vw\vh   rem 1.1 px单位名称为像素,相对长度单位,像素(px)是相对于显示器屏幕分辨率而言  (最终解析单位) em单位名称为相对长度 ...

  7. nodejs初识

    提到nodejs总离不开npm,因此首先要学些和了解npm.而对于npm.nodejs的了解都来源于菜鸟教程. nodejs学习地址:http://www.runoob.com/nodejs/node ...

  8. idea ----> 学习笔记

    使用的是社区版的idea 1. 2.关键点之二:配置artifacts.参照 <使用IDEA2017创建java web+Maven项目>http://blog.csdn.net/love ...

  9. 基于AngularJS的Onsen UI --Onsen UI学习笔记

    AngularJS与Onsen UI的结合,Onsen UI应用程序实际上是一个AngularJS 1应用程序. <!doctype html><html lang="en ...

  10. 20171022xlVBA练手提取入所记录

    Sub GetWordText改进() Dim Wb As Workbook Dim Sht As Worksheet Dim Rng As Range Dim wdApp As Object Dim ...