以后可以考虑的方向,在stealwatch里包含:

ad Injector

click fraud

cryptocurrency miner

exploit kit

malicious advertising

malicious conetent distribution

maney scam

PUA

scareware

spam botnet

spam tracking

cryptowall

ramnit

sality

SMB service discovery:貌似是直接看445端口是否开放

DNS sinkhole

ICMP burst

unexpected DNS usage

SSH creacking

torrent

excessive communication

vlunerability scanning tool

phishing

TOR

----

注意: C&C/TOR/Bogon/Fake App(需要流探针)

检测挖矿的方法:内外的网络流量是否很大,看来是根据挖矿的流量特征来进行检测的。需要手动配置,做得比较low。

DDoS Source: Indicates that a host
has been identified as the source
of a DDoS attack 还会检测ddos source和target

DDoS Target: Indicates that a host
as been identified as a the target of
a DDoS attack.

Data Hoarding: Indicates that a
source or target host within a network
has downloaded an unusual amount
of data from one or more hosts.

Exfiltration: Tracks inside and
outside hosts to which an abnormal
amount of data has been
transferred. 内外通信的网络流量异常

stealwatch的检测数据包括流量、web logs。。。

BehaviourBehaviour Behaviour Behaviour BehaviourBehaviourAnalysisAnalysisAnalysis AnalysisAnalysisAnalysisSuspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: Suspect Long Flow: An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in

stealwatch里的安全功能——ETA结果会显示加密套件以及key长度,还有流量大小(例如41MB)的更多相关文章

  1. case when里的like功能 ////// 截取(substr)

    case when里的like功能 假如要用到case when又要用到like这样的功能,即如果字符串包含‘语文’就怎么怎么样,包含‘数学’就怎么怎么样,包含‘英语’就怎么怎么样,like是用于wh ...

  2. leaflet 实现克里金插值功能(附源码下载)

    前言 leaflet 入门开发系列环境知识点了解: leaflet api文档介绍,详细介绍 leaflet 每个类的函数以及属性等等 leaflet 在线例子 leaflet 插件,leaflet ...

  3. SAP S4HANA里委外加工采购功能的变化

    SAP S4HANA里委外加工采购功能的变化 [Part 1:主要变化点] 1.1,采购订单界面上的变化, 1.2, 新的事务代码: ME2ON (Subcontracting Cockpit), 1 ...

  4. Javascript中双等号(==)隐性转换机制 JS里charCodeAt()和fromCharCode()方法拓展应用:加密与解密

    Javascript中双等号(==)隐性转换机制   在Javascript中判断相等关系有双等号(==)和三等号(===)两种.其中双等号(==)是值相等,而三等号(===)是严格相等(值及类型是否 ...

  5. 尝试一下sql server2016里面的json功能

    前2天下载了一个2016的rc版本来玩一下,首先感觉是~开发者版本免费啦!!撒花!!!另外一个东西,sql server 2016能支持json 的解析和应用啦,虽然我不知道它的性能如何,先来一发测试 ...

  6. VirtualBoX虚拟机里安装linux系统,在虚拟系统里安装增强功能报错解决方法

    http://www.cnblogs.com/MoShin/archive/2012/04/25/2469156.html 当我们在虚拟机里安装lixunx系统,避免不了的要安装增强功能,无论是视觉效 ...

  7. MAC电脑里的休眠功能在哪里?

    Windows7和Ubuntu里都有睡眠和休眠功能,睡眠一般是指挂起到内存,电脑停止运行,数据都在内存里,只需要给内存供电,恢复时很快:休眠是指挂起到硬盘,电脑可以完全停止供电,恢复时从硬盘读取数据, ...

  8. JumpServer里的sftp功能报错说明

    JumpServer里sftp默认的家目录是/tmp下 修改默认家目录: vim /usr/local/coco/coco/sftp.py class SFTPServer(paramiko.SFTP ...

  9. sql server2016里面的json功能 - 转

    测试一下基本的,从查询结果里面构造一个json 的格式 create table t1(ID int identity,name nvarchar(50),Chinese int ,Math int) ...

随机推荐

  1. ECharts配置项之title(标题)

    1.标题居中 //left的值为'left', 'center', 'right' title:{ left:'center' } 2.主副标题之间的间距 title:{ //默认为10 itemGa ...

  2. 小程序之根据参数更改title

    是这样的,今天呢在写中英文切换功能,哇  从psd图里面去复制英文在去对应,真的是太难受了 okok 切回正题   当用户选择英文的时候   我的title也要是英文怎么办呢 wx.setNaviga ...

  3. [Python]IO密集型任务 VS 计算密集型任务

    所谓IO密集型任务,是指磁盘IO.网络IO占主要的任务,计算量很小.比如请求网页.读写文件等.当然我们在Python中可以利用sleep达到IO密集型任务的目的. 所谓计算密集型任务,是指CPU计算占 ...

  4. Python安装常见问题:ModuleNotFoundError: No module named '_ctypes' 解决办法

    一般位于3.7以上版本编译安装时出错 缺少依赖包libffi-devel 在安装3.7以上版本时,需要一个新的libffi-devel包做依赖 解决方法: yum install libffi-dev ...

  5. sqlserver 中通配符%和_的使用

    --以a开头的数据 SELECT * FROM BCUSTOMER_MZN WHERE CST_NAME LIKE 'A%' --以Z结尾的数据 SELECT * FROM BCUSTOMER_MZN ...

  6. STL——map

    看到map这里,都不知道它主要是干嘛的,你有没有这样的疑问. map的主要作用:提供对T类型的数据进行快速和高效的检索 .C++ STL中标准关联容器set, multiset, map, multi ...

  7. JS中innerHTML、outerHTML、innerText 、outerText、value的区别与联系?jQuery中的text()、html()和val()

    一.JS中innerHTML.outerHTML.innerText .outerText.value的区别与联系?jS中设置或者获取所选内容的值:①innerHTML :属性设置或返回该标签内的HT ...

  8. MySQL学习(六)

    1 注意 select cout(*) from 表名: 查询的就是绝对的行数,哪怕某一列所有字段全部为NULL,也计算在内.而select cout(列名) form 表名:查询的是该列不为null ...

  9. 一个sql实现查询并且插入到另一个表中

    两种不同方法,结果不同 方法一.查询的user表中3个元素,name为user表中的字段,1000,0,是往department中要赋的值(给id赋值) ,`name`,' 方法二(推荐使用方法二): ...

  10. 解决ios下的微信页面背景音乐无法自动播放问题

    在做各种html5场景页面的时候,插入背景音乐是一个很普遍的需求,我们都知道,ios下的safari是无法自动播放音乐的,以至于现在行程一种认知,ios是没有办法自动播放媒体资源的,这个认知其实是错误 ...