General Process Steps

The following steps both help the Bro user uncover network activity of interest and acquaint the user with the anomalies that Bro detects. Together, they build an understanding of what constitutes "normal" network traffic for the local site. The analyst might follow each successive step for each incident until a firm determination is made as to whether the incident is malicious or a "false positive".