Solved

SIEM traffic

Posted on 2016-11-07
Last Modified: 2016-11-15
Dear All,

What is the meaning of Anonymizing Traffic in a SIEM? Does it mean some users are using Tor-related applications?

Thanks,
T
Question by:TiazfaD
Expert Comment

by:Bing CISM / CISSP
Do you mean you have attached a log file showing the annoying traffic for further analysis by us? If so, the log was not attached.
Accepted Solution

by:btan
It depends on the SIEM category. But yes, it should be referring to TOR, which is one example of anonymised traffic. You have to trace down to the machine with that identified source IP from within your network to further confirm whether the user is really using TOR browser or other software. You can also check the content filter log for this event using an anonymous website as a proxy for internet surfing.

https://www.logpoint.com/en/partnerships/technology-partners/2-uncategorised/221-emerging-threats
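
The triage described in the answer above, as an added example that is not part of the original thread: it takes each SIEM alert, confirms the source IP is inside the network, and looks in the content filter log for anonymizer-category requests from the same host around the alert time. Both log layouts, the `10.1.0.0/16` internal range, the five-minute window and the verdict names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data; both log layouts are assumptions, not a vendor format.
INTERNAL = ipaddress.ip_network("10.1.0.0/16")  # assumed internal range
WINDOW = timedelta(minutes=5)                   # assumed correlation window
SIEM_ALERTS = """\
2016-11-07T09:14:02 anonymizing_traffic src=10.1.4.23 dst=203.0.113.50 dport=9001
2016-11-07T10:40:11 anonymizing_traffic src=10.1.7.80 dst=198.51.100.9 dport=443
2016-11-07T11:02:45 anonymizing_traffic src=192.0.2.77 dst=10.1.0.5 dport=443
"""
FILTER_LOG = """\
2016-11-07T10:39:58 10.1.7.80 GET https://webproxy.example/browse category=anonymizer action=allowed
2016-11-07T10:41:30 10.1.7.80 GET https://news.example/ category=news action=allowed
2016-11-07T09:50:00 10.1.4.23 GET https://intranet.example/ category=business action=allowed
"""


def _fields(pairs):
    """Turn ['k=v', ...] tokens into a dict."""
    return dict(p.split("=", 1) for p in pairs)


def triage(alert_text=SIEM_ALERTS, filter_text=FILTER_LOG):
    """Return (source IP, verdict, matching filter URLs) per SIEM alert."""
    web = []
    for line in filter_text.splitlines():
        ts, src, _method, url, *kv = line.split()
        web.append((datetime.fromisoformat(ts), src, url, _fields(kv).get("category")))
    results = []
    for line in alert_text.splitlines():
        ts, _event, *kv = line.split()
        when, src = datetime.fromisoformat(ts), _fields(kv)["src"]
        if ipaddress.ip_address(src) not in INTERNAL:
            results.append((src, "external-source", None))  # not one of our hosts
            continue
        # Anonymizer-category web requests from the same host near the alert time.
        urls = [u for t, s, u, c in web
                if s == src and c == "anonymizer" and abs(t - when) <= WINDOW]
        # No filter hit: follow up on the host for Tor Browser or other software.
        results.append((src, "web-proxy-site" if urls else "inspect-host", urls or None))
    return results


if __name__ == "__main__":
    for row in triage():
        print(row)
```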

Author Comment

by:TiazfaD
Hi btan,

Can VPN traffic be categorized as Anonymizing Traffic by the SIEM?

Regards,
T
Assisted Solution

by:btan
Yes, it can, but normally it will be tunnelled traffic.

Author Closing Comment

by:TiazfaD
Dear All,

Thanks much for the valuable comments. Helped a lot!

Regards,
T