Last Updated on August 1, 2021 by Admin 1
John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations from which the Tor traffic is coming.
Which of the following data sources will he use to prepare the dashboard?
- DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.
- IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.
- DNS/Web Server logs with IP addresses.
- Apache/Web Server logs with IP addresses and Host Name.