Network Activity by Full Packet Capture Use Cases
Grouped by Detection Method
Aggregate Count
Blacklist Alert
- Certificate Expired
- Certificate Is Self-Signed
- Certificate Algorithm is Weak
- Certificate Validity Exceeds 3 Years
- Certificate Common Name Has No Periods
- Certificate With Blank Fields
Whitelist Alert
- Certificate With Invalid Country Code/State
Levenshtein Score Alert
Rolling Whitelist Alert
Shannon Entropy Score Alert
Threshold Alert
Log Source Examples
- Network IDS Logs
- Layer 7 Firewall Logs
Possible False Positives