Manuals / Network Instruments / Computer Equipment / Network Card

Network Instruments 114ff manual Rules tab

Models: 114ff

1 146
Download 146 pages 2.04 Kb
Page 97
Image 97

Figure 69 Rules tab

9Select the boxes next to the rules you want to enable. The right- click menu has options to enable/disable all rules, and to show the actual Snort rule that was imported. It also lets you jump to web- based threat references such as bugtraq for further information about the alert.

Rule classifications offer another level of control. Check the “Rules must also match rule classifications” box to display a list of defined rule classifications. Classifications are defined at import time by parsing the Snort config classification statements encountered in the rule set. Rules are assigned a classification in the rule statement’s classtype option.

Select the rule classification(s) you want to enable. If classification matching is enabled, a rule and its classification must both be enabled for that rule to be processed. For example, suppose you want to enable all policy violation rules: simply right-click on the rule list, choose Enable all rules, and then enable the policy violation classification.

 

Starting Forensic Analysis using Snort rules

rev. 1

Chapter 6 Forensic Analysis using Snort

97

Page 96 Page 98
Page 97
Image 97
Network Instruments 114ff manual Rules tab
Page 96 Page 98

114ff specifications

Network Instruments 114ff is a sophisticated platform designed to enhance network visibility and performance management. This state-of-the-art device is aimed at network professionals who require a deep insight into their network’s behavior and performance metrics. One of its main features is its ability to provide real-time monitoring and analytics, which is crucial for quick decision-making in IT environments.

With a robust set of technologies embedded in its architecture, Network Instruments 114ff leverages advanced packet capture and analysis capabilities. It employs deep packet inspection (DPI) technology to evaluate data packets as they traverse the network. This functionality allows administrators to dissect various layers of network traffic, enabling them to identify anomalies and troubleshoot issues effectively. The 114ff can analyze both encrypted and unencrypted traffic, an asset as organizations increasingly adopt encryption protocols.

Another prominent feature of the Network Instruments 114ff is its customizable dashboard, which can be tailored to present the most relevant metrics at a glance. Users can visualize their network performance through a variety of graphs, charts, and alerts signaling potential performance degradation. This feature aids network managers in assessing key performance indicators (KPIs) and helps ensure that service level agreements (SLAs) are met.

The device is equipped with extensive reporting capabilities, allowing users to generate historical reports for analysis and compliance purposes. This function is essential for businesses that must comply with regulatory standards, as it enables them to maintain records of network performance and security incidents.

Furthermore, Network Instruments 114ff supports a variety of network protocols, ensuring compatibility with existing infrastructure. Its scalable architecture means organizations can adapt the device to cater to growing network demands without the need for significant overhauls. The integration capability with other Network Monitoring Systems (NMS) positions it as a flexible solution suited for diverse environments.

In summary, Network Instruments 114ff stands out as an essential tool for IT professionals looking to optimize network performance. With features such as real-time monitoring, deep packet inspection, customizable dashboards, and robust reporting capabilities, it delivers a comprehensive solution to manage and enhance network infrastructures effectively.