SIEM traffic

TiazfaD
Dear All,

What is the meaning of Anonymizing Traffic in a SIEM? Does it mean some users are using Tor-related applications?

Thanks,
T
bbao, IT Consultant

Commented:
Do you mean you have attached a log file showing the annoying traffic for further analysis by us? If so, the log was not attached.
Exec Consultant
Distinguished Expert 2018
Commented:
Depends on the SIEM category. But yes, it should be referring to TOR, which is one example of anonymised traffic. You have to trace down to the machine with that identified source IP from within your network to further confirm if the user is really using TOR browser or other software. You can also check the content filter log with this event using anonymous website as proxy for internet surfing.

https://www.logpoint.com/en/partnerships/technology-partners/2-uncategorised/221-emerging-threats
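
The tracing steps described in the answer above, sketched as an added example that is not part of the original thread: it resolves the alert's source IP to the machine that held it at that time and looks for anonymizer-category hits in the content filter log. All log layouts, field names, category labels and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and log layouts are assumptions.
ALERTS = [  # SIEM "Anonymizing Traffic" events
    {"time": "2024-05-02 09:14:10", "src": "10.1.4.23", "dst": "198.51.100.7"},
    {"time": "2024-05-02 13:40:55", "src": "10.1.4.23", "dst": "203.0.113.50"},
]
LEASES = [  # DHCP leases: which machine held the source IP, and when
    {"ip": "10.1.4.23", "host": "WS-FIN-014", "start": "2024-05-02 08:00:00", "end": "2024-05-02 12:00:00"},
    {"ip": "10.1.4.23", "host": "LT-HR-002", "start": "2024-05-02 12:30:00", "end": "2024-05-02 20:00:00"},
]
FILTER_LOG = [  # content filter / web proxy entries
    {"time": "2024-05-02 09:12:47", "src": "10.1.4.23", "url": "anon-proxy.example", "category": "Proxy Avoidance"},
    {"time": "2024-05-02 09:13:30", "src": "10.1.4.23", "url": "intranet.example", "category": "Business"},
    {"time": "2024-05-02 13:39:00", "src": "10.1.4.99", "url": "anon-proxy.example", "category": "Proxy Avoidance"},
]
ANON_CATEGORIES = {"Proxy Avoidance", "Anonymizers"}  # vendor-specific labels, assumed
FMT = "%Y-%m-%d %H:%M:%S"

def ts(s):
    return datetime.strptime(s, FMT)

def host_at(ip, when, leases):
    """Machine that held `ip` at `when`; DHCP reuse makes the timestamp matter."""
    for lease in leases:
        if lease["ip"] == ip and ts(lease["start"]) <= when <= ts(lease["end"]):
            return lease["host"]
    return None

def triage(alerts, leases, filter_log, window=timedelta(minutes=5)):
    """Attach the owning host and nearby anonymizer-category web hits to each alert."""
    out = []
    for a in alerts:
        when = ts(a["time"])
        hits = [e["url"] for e in filter_log
                if e["src"] == a["src"]
                and e["category"] in ANON_CATEGORIES
                and abs(ts(e["time"]) - when) <= window]
        out.append({"src": a["src"], "host": host_at(a["src"], when, leases),
                    "filter_hits": hits,
                    # No web-filter hit: the next check is software on the machine itself.
                    "verdict": "web anonymizer" if hits else "check endpoint software"})
    return out

if __name__ == "__main__":
    for row in triage(ALERTS, LEASES, FILTER_LOG):
        print(row)
```

The second alert shows why the lease lookup is time-bound: the same source IP belongs to a different machine in the afternoon, and the nearby filter hit from another IP is not attributed to it.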

Author

Commented:
Hi btan,

Can VPN traffic be categorized as Anonymizing Traffic by the SIEM?

Regards,
T
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Yes, it can, but normally it will be tunnelled traffic.

Author

Commented:
Dear All,

Thanks much for the valuable comments. Helped a lot!

Regards,
T
