Network Data Sources

Network Logs
A network log records system and access events generated by a network appliance.
- records:
  - the operation and status of the appliance itself
  - traffic and access logs recording network behavior

Firewall Logs
A firewall log records event data related to access rules that have been configured for logging.
- possible to configure log-only rules
  - used when:
    - testing a new rule
    - or only enabled for high-impact rules
- a firewall audit event will record:
  - a date/timestamp
  - the interface on which the rule was triggered
  - whether the rule matched incoming/ingress or outgoing/egress traffic
  - and whether the packet was accepted or dropped
- event data will also record packet information
  - e.g., source and destination address and port numbers

IDS/IPS Logs
An IDS/IPS log records an event when a traffic pattern is matched to a rule.
- can generate a very high volume of events
  - only log high sensitivity/impact rules
- an IPS can additionally be configured to log shuns, resets, and redirects
- summary event data from IDS/IPS can be visualized in dashboard graphs to represent overall threat levels
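As an added example (not part of these notes), the script below parses constructed firewall audit events carrying the fields listed above (timestamp, interface, direction, accept/drop, source and destination address and port) and produces the kind of per-direction and per-source counts that feed a dashboard summary; the key=value line format and the sample lines are assumptions for illustration.

```python
# Added example, not from the original notes: parse constructed firewall
# audit events and summarize them for a dashboard-style overview.
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-03-01T10:15:02Z iface=eth0 dir=ingress action=drop src=10.0.0.5:51234 dst=192.168.1.10:22 rule=ssh-block
2024-03-01T10:15:03Z iface=eth0 dir=ingress action=accept src=10.0.0.7:40210 dst=192.168.1.20:443 rule=https-allow
2024-03-01T10:15:04Z iface=eth1 dir=egress action=drop src=192.168.1.30:5555 dst=203.0.113.9:6667 rule=irc-block
2024-03-01T10:15:05Z iface=eth0 dir=ingress action=drop src=10.0.0.5:51235 dst=192.168.1.10:23 rule=telnet-block
not a log line
"""

# One regex per audit event: the fields the notes say a firewall records.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) iface=(?P<iface>\S+) dir=(?P<dir>ingress|egress) "
    r"action=(?P<action>accept|drop) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) rule=(?P<rule>\S+)$"
)

def parse_event(line):
    """Return a dict for one firewall audit event, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev

def parse_log(text):
    """Parse all well-formed lines; malformed lines are skipped rather than fatal."""
    return [ev for ev in (parse_event(ln) for ln in text.splitlines()) if ev]

def summarize(events):
    """Counts suited to a dashboard: action per direction, and dropped packets per source."""
    by_dir_action = Counter((e["dir"], e["action"]) for e in events)
    dropped_sources = Counter(e["src"] for e in events if e["action"] == "drop")
    return {"by_dir_action": dict(by_dir_action),
            "dropped_sources": dict(dropped_sources)}

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```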