19.0 Visualizing Network Traffic

To perform a complete investigation and analysis of a security event, you might want to monitor network activities in detail. Sentinel helps you monitor your enterprise network by collecting, visualizing, and analyzing network flow data.

Network flow data helps you with the following types of analysis:

  • Monitor network activities for a given IP address, both in near real time and as they occurred at the time of a security event.

  • Analyze the change in network activity before and after a security event.

  • Determine the impact of a security event on the resources of an affected system. For example, you can check whether the network traffic into or out of a host changed after the security event.

  • Track network propagation behavior for attacks such as viruses, bots, and DDoS.

  • Remediate issues and verify the solution by network flow inspection. For example, you can verify whether you need to create a firewall rule to prevent such security issues.

This chapter provides information about the following: