Traffic is continuously monitored by the Intrusion Detection systems and may be denied passage in the middle of an existing connection based on known signatures or bad traffic patterns.
The network traffic in the Intrusion Detection data model is allowed or denied based on more complex traffic patterns. These rules are usually triggered when the network connection is being established. However the network traffic in the Network Traffic data model is allowed or denied based on simple network connection rules, which are using network parameters such as TCP headers, destination, ports, and so on. In versions of the Splunk platform prior to version 6.5.0, these were referred to as data model objects.ĭifference between Network Traffic and Intrusion Detection data modelsīoth Network Traffic and Intrusion Detection data models describe the network traffic "allow" and "deny" events. Note: A dataset is a component of a data model.
The fields and tags in the Network Traffic data model describe flows of data across network infrastructure components.
0 kommentar(er)
