1
00:00:10,240 --> 00:00:16,760
When an intrusion event occurs on the network, it needs to be analyzed to determine the who, what, where and when

2
00:00:16,790 --> 00:00:18,190
things happened.

3
00:00:18,860 --> 00:00:26,540
Network intrusion analysis primarily uses information like IP addresses and port numbers to track security

4
00:00:26,540 --> 00:00:28,690
events.

5
00:00:28,840 --> 00:00:35,080
Here's a list of some of the common types of information that we are looking for while analyzing network

6
00:00:35,080 --> 00:00:36,640
intrusions.

7
00:00:37,510 --> 00:00:43,380
Here's the intrusion analysis page used by Cisco's Firepower Management Center.

8
00:00:43,990 --> 00:00:48,370
As you can see, there is detailed information for each intrusion event.

9
00:00:48,490 --> 00:00:54,640
Let's click on one to take a closer look and see what type of security event artifacts can be found.

10
00:01:00,920 --> 00:01:08,360
So here on the detailed network intrusion analysis page I can see when events occurred,

11
00:01:08,600 --> 00:01:17,900
the source and destination hosts that were involved in the event, as well as layer four port numbers and

12
00:01:17,930 --> 00:01:26,870
application protocols. Collectively, these common security artifacts can be used to analyze intrusion

13
00:01:26,870 --> 00:01:27,440
events.

14
00:01:30,440 --> 00:01:37,340
Intrusion devices also have the ability to analyze more than just data payloads, such as protocol headers.

15
00:01:38,560 --> 00:01:48,940
Protocol headers are used to carry network model layer protocols like IP, TCP and HTTP. Preprocessors

16
00:01:48,940 --> 00:01:57,070
that analyze header information can detect attacks that exploit things like IP fragmentation, checksum

17
00:01:57,130 --> 00:02:07,030
validation and TCP or UDP sessions. In the next video we will analyze an intrusion event with a pcap

18
00:02:07,050 --> 00:02:09,950
file and drill into protocol headers

19
00:02:10,200 --> 00:02:13,200
and some of the other common security artifacts.