Solved

SIEM traffic

Posted on 2016-11-07
Last Modified: 2016-11-15
Dear All,

What is the meaning of Anonymizing Traffic in a SIEM? Does it mean some users are using Tor related applications?

Thanks,
T
0
Question by:TiazfaD
5 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41878190
Do you mean you have attached a log file showing the annoying traffic for further analysis by us? If so, the log was not attached.
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41878290
Depends on the SIEM category. But yes, it should be referring to TOR, which is one example of anonymised traffic. You have to trace down to the machine with that identified source IP from within your network to further confirm if the user is really using TOR browser or other software. You can also check the content filter log with this event using an anonymous website as a proxy for internet surfing.

https://www.logpoint.com/en/partnerships/technology-partners/2-uncategorised/221-emerging-threats
0
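The tracing step described in the accepted answer, as an added example that is not part of the original thread: it maps the alert's internal source IP to the host holding the DHCP lease at that time and checks the content filter log for anonymizer-category hits near the alert. All log records, field names, hostnames and the category label are constructed assumptions, not a real SIEM or proxy schema.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and formats are assumptions, not a real SIEM schema.
ALERTS = [
    {"time": "2016-11-07 09:14:30", "src_ip": "10.1.4.23", "rule": "Anonymizing Traffic"},
    {"time": "2016-11-07 11:02:10", "src_ip": "10.1.4.57", "rule": "Anonymizing Traffic"},
]
DHCP_LEASES = [  # (lease start, lease end, ip, hostname)
    ("2016-11-07 08:00:00", "2016-11-07 10:00:00", "10.1.4.23", "WS-FIN-012"),
    ("2016-11-07 10:00:00", "2016-11-07 18:00:00", "10.1.4.23", "WS-HR-003"),
    ("2016-11-07 08:30:00", "2016-11-07 16:30:00", "10.1.4.57", "LT-ENG-044"),
]
PROXY_LOG = [  # (time, src_ip, user, category, host)
    ("2016-11-07 09:13:55", "10.1.4.23", "jdoe", "Proxy/Anonymizer", "webproxy.example"),
    ("2016-11-07 09:20:00", "10.1.4.23", "jdoe", "News", "news.example"),
    ("2016-11-07 13:45:00", "10.1.4.23", "asmith", "Proxy/Anonymizer", "webproxy.example"),
]
ANON_CATEGORIES = {"Proxy/Anonymizer"}  # assumed content-filter category label
FMT = "%Y-%m-%d %H:%M:%S"

def ts(s):
    return datetime.strptime(s, FMT)

def host_for(ip, when):
    """Resolve an internal IP to the host holding the DHCP lease at alert time."""
    for start, end, lease_ip, hostname in DHCP_LEASES:
        if lease_ip == ip and ts(start) <= when < ts(end):
            return hostname
    return None

def proxy_evidence(ip, when, window=timedelta(minutes=5)):
    """Content-filter hits in an anonymizer category from the same IP near the alert."""
    return [(user, host) for t, src, user, cat, host in PROXY_LOG
            if src == ip and cat in ANON_CATEGORIES and abs(ts(t) - when) <= window]

def triage(alert):
    when = ts(alert["time"])
    hits = proxy_evidence(alert["src_ip"], when)
    return {
        "host": host_for(alert["src_ip"], when),
        "proxy_hits": hits,
        # No web-proxy hit means the traffic did not pass the content filter, so
        # check the endpoint for Tor Browser, a VPN client or other tunnelling software.
        "next_step": "review web anonymizer use" if hits else "inspect endpoint software",
    }

if __name__ == "__main__":
    for a in ALERTS:
        print(a["src_ip"], triage(a))
```

Resolving the lease at the alert timestamp matters because the same IP can belong to a different machine later in the day, as the two constructed leases for 10.1.4.23 show.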
 

Author Comment

by:TiazfaD
ID: 41879846
Hi btan,

Can VPN traffic be categorized as Anonymizing Traffic by the SIEM?

Regards,
T
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points
ID: 41879876
Yes, it can, but normally it will be tunnelled traffic.
0
 

Author Closing Comment

by:TiazfaD
ID: 41889103
Dear All,

Thanks much for the valuable comments. Helped a lot!

Regards,
T
0
