1
00:00:00,550 --> 00:00:08,650
In this section we are going to focus on learning more about data and event analysis. To effectively

2
00:00:08,650 --> 00:00:09,970
analyze data,

3
00:00:10,090 --> 00:00:18,810
it needs to be normalized. Normalization is the process of reorganizing data so that it can be viewed

4
00:00:18,840 --> 00:00:20,350
in one form.

5
00:00:20,370 --> 00:00:27,200
This eliminates redundant data and minimizes the chance that an attacker can evade detection.

6
00:00:29,040 --> 00:00:33,210
Data normalization can be categorized into three types:

7
00:00:33,300 --> 00:00:44,480
1NF, 2NF, and 3NF. Cisco's Firepower security devices use normalization preprocessors

8
00:00:44,840 --> 00:00:52,000
to normalize traffic after packet decoding. From the Firepower Management Center,

9
00:00:52,020 --> 00:01:02,460
if you go to Policies, Access Control, and Intrusion, you can add your IPS policy, which includes preprocessors

10
00:01:02,460 --> 00:01:04,430
for normalization.

11
00:01:04,440 --> 00:01:13,550
So here I have my IPS policy. I click the pencil icon to edit it. You can get to the IPS preprocessor rules

12
00:01:13,550 --> 00:01:17,690
by going under Policy Information and selecting Rules

13
00:01:23,070 --> 00:01:29,260
and Preprocessors.

14
00:01:29,580 --> 00:01:36,330
So, as you can see, in the Preprocessors section there is the list of configuration options for popular

15
00:01:36,330 --> 00:01:41,060
protocols such as DNS, FTP, and HTTP.