Filtering Methodology.docx

File uploaded by RSA Admin Employee on Sep 14, 2012

Filtering trusted and forensically unwanted traffic should be a top priority for every enterprise running NextGen. By discarding the trusted and known, only the untrusted and unknown traffic remains for analysis. The following document discusses how to embark on a filtering project using a risk-based approach to eliminate the capture of traffic that only eats up decoder disk space. Just ask yourself: "Do I really need 340 gigs of ICMP traffic?" The answer is always no.


Embedded in the document are two Informer reports that automatically suggest tuning candidates for you, cutting out the bulk of the analysis time.