Directions to consider in the future; the detections included in Stealthwatch:

ad injector

click fraud

cryptocurrency miner

exploit kit

malicious advertising

malicious content distribution

money scam

PUA

scareware

spam botnet

spam tracking

cryptowall

ramnit

sality

SMB service discovery: apparently this just checks whether port 445 is open

DNS sinkhole

ICMP burst

unexpected DNS usage

SSH cracking

torrent

excessive communication

vulnerability scanning tool

phishing

TOR

----

Note: C&C / TOR / Bogon / Fake App (these require a flow sensor)

Cryptomining detection method: checks whether the inside/outside network traffic volume is large, so detection appears to be based on the traffic characteristics of mining. It needs manual configuration, which is a fairly crude approach.

DDoS Source: Indicates that a host has been identified as the source of a DDoS attack. It also detects both the DDoS source and the target.

DDoS Target: Indicates that a host has been identified as the target of a DDoS attack.

Data Hoarding: Indicates that a source or target host within a network has downloaded an unusual amount of data from one or more hosts.

Exfiltration: Tracks inside and outside hosts to which an abnormal amount of data has been transferred. Abnormal network traffic volume between inside and outside hosts.

Stealthwatch's detection data includes flow records, web logs, and so on.

Suspect Long Flow (Behaviour Analysis): An IP communication between an Inside and Outside host (with traffic in both directions) that exceeds the “Seconds required to qualify a flow as long” duration in
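An added example (not Stealthwatch's own code) that applies the Suspect Long Flow rule above, plus the Exfiltration/Data Hoarding byte-volume idea, to constructed flow records; the Inside prefixes, thresholds and sample flows are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: these prefixes define "Inside" hosts; everything else is "Outside".
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Flow:
    """One bidirectional flow record (NetFlow-style summary)."""
    src: str
    dst: str
    duration_s: int
    bytes_fwd: int   # bytes sent src -> dst
    bytes_rev: int   # bytes sent dst -> src


def is_inside(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETS)


def suspect_long_flows(flows, long_seconds):
    """Suspect Long Flow: Inside<->Outside, traffic in both directions,
    and duration above the 'seconds required to qualify a flow as long'."""
    hits = []
    for f in flows:
        crosses_boundary = is_inside(f.src) != is_inside(f.dst)
        bidirectional = f.bytes_fwd > 0 and f.bytes_rev > 0
        if crosses_boundary and bidirectional and f.duration_s > long_seconds:
            hits.append(f)
    return hits


def exfiltration_suspects(flows, max_bytes_out):
    """Inside hosts whose total bytes sent to Outside hosts exceed a threshold
    (a simple fixed cutoff standing in for a learned per-host baseline)."""
    totals = {}
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            totals[f.src] = totals.get(f.src, 0) + f.bytes_fwd
        elif is_inside(f.dst) and not is_inside(f.src):
            totals[f.dst] = totals.get(f.dst, 0) + f.bytes_rev
    return {host: b for host, b in totals.items() if b > max_bytes_out}


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "203.0.113.10", 7200, 5_000, 20_000),     # long, both ways
    Flow("10.1.2.3", "203.0.113.11", 7200, 5_000, 0),          # long, one way only
    Flow("10.1.2.4", "10.1.2.5", 9000, 1_000_000, 1_000_000),  # inside-only
    Flow("10.1.2.6", "198.51.100.7", 60, 900_000_000, 4_000),  # short, huge upload
]
```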

Security features in Stealthwatch: the ETA results show the cipher suite and key length, as well as the traffic volume (for example 41 MB).
