Download Print this page

About Forensic Analysis Tab - Network Instruments GigaStor 114ff User Manual

Enterprise-strength network probe appliance

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

page of 146

/ 146
Contents
Table of Contents
Bookmarks

Table of Contents

About Forensic Analysis tab

! P

REPROCESSOR

AXIMUMS

Starting Forensic Analysis using Snort rules

Chapter 6 Forensic Analysis using Snort

10 Click OK to close the Forensic Analysis Profile dialog. Click OK

again to close the Forensic Settings dialog. Click OK to close the

GigaStor Analysis Options dialog.

Observer applies the rules and filters to the capture data and

displays the results in the Forensics Summary tab. A new tab is

also opened that contains the decode. For details about the tabs,

see:

"About Forensic Analysis tab" on page 98

"About the Forensic Analysis Log tab" on page 99

This display summarizes alerts and preprocessor events in a navigable

tree.

Figure 70 Forensic Summary

It is important to examine the preprocessor results to ensure

that time-outs and other maximum value exceeded conditions

haven't compromised the analysis. In Figure 70, both the IP

Flow and TCP Stream Reassembly preprocessors have timed

out on hundreds of flows and streams. If you see similar

rev. 1

Table of Contents

This manual is also suitable for:

Gigastor portable Gigastor expandable

About Forensic Analysis Tab - Network Instruments GigaStor 114ff User Manual

About Forensic Analysis tab

Related Manuals for Network Instruments GigaStor 114ff

Related Content for Network Instruments GigaStor 114ff

This manual is also suitable for:

Table of Contents