Data Ingestion
Logs provide a detailed, chronological record of events, which is necessary to investigate security incidents.
Without data flowing in, there is nothing to look at!
To triage such security incidents, security analysts use data from different sources: network traffic logs, host-based data (think of system logs), and threat intelligence.
PCAP
Understanding and analyzing packet-level evidence in pcap files.
Details
Work in progress.