NetMon Glossary
The place to find the meaning of terms found in NetMon user guides, training materials, and other documents.
Term | Definition
---|---
A | |
Agent for NetMon | A software component that receives data from the appliance and then sends it to the LogRhythm SIEM for further processing. |
Alarm | An alarm is triggered when network traffic matches a rule found on the Alarms > Rules page. When an alarm is triggered, it is sent as an event to the LogRhythm SIEM. |
Appliance | The NetMon hardware. |
Application | Network protocols or web applications that NetMon identified using pattern matching and heuristic modeling, as well as signatures. |
B | No terms available |
C | |
Client | Initiator of a session, such as a workstation or laptop. |
D | |
DAS | Direct Attached Storage |
Deduplication | A process that recognizes and consolidates duplicate event data from log sources into a single, aggregate record. |
Deep Packet Analytics | Allows users to write rules that interact with network traffic as it is being processed. |
Deep Packet Analytics Rules | Custom rules that enable users to determine flow state, access and set metadata, trigger alarms, enable capture, and write log messages. |
Deep Packet Inspection | A process whereby NetMon analyzes network data using a variety of methods, including pattern matching, heuristic modeling, signatures for session identification, application identification, and metadata extraction. |
DNS | Domain Name Server |
DPA | See Deep Packet Analytics |
DPI | See Deep Packet Inspection |
E | |
Engine | The packet processing component that classifies data during Deep Packet Inspection. |
Event | A Syslog message to LogRhythm SIEM that can be a message about an error, failure, attack, and more. |
F | |
Flow | A collection of activity by a single user on a single application. The flow contains source and destination information, bytes and packet counts transferred in both directions, application identification, and many other metadata fields. Long-running flows send updates every 10 minutes by default, but you can change that value. Each flow has a unique identifier that links multiple intermediate flows together. |
G | No terms available |
H | |
Half Session | A session is a bi-directional flow of packets between one client and one server. A half session defines one direction of that flow, on either the sender or receiver side. |
I | |
Intermediate Flow | An update of the communications between the client and server. |
IP | Internet Protocol |
J | No terms available |
K | |
KB | See Knowledge Base |
Knowledge Base | A LogRhythm package consisting of both required and optional content that is shared across a LogRhythm deployment. It consists of the core Knowledge Base as well as modules. The core Knowledge Base includes content applicable to all deployments, such as log processing rules, policies, and classifications. |
L | |
Layout | Saved queries and charts, which provide a view into specific data. For example, the Packet Layout shows graphs and tables relating to packets processed in the network. |
License Limited | In the Data Rate chart, indicates the rate in megabits per second at which packets are being throttled/discarded according to your licensed capture rate. |
Logger | The Flow Output component that processes the metadata into flows. |
LogRhythm NetMon Freemium | The free version of LogRhythm NetMon with reduced functionality. |
Lua | A lightweight multi-paradigm programming language designed as a scripting language with extensible semantics as a primary goal. |
Lucene Search | An open-source text retrieval library released under the Apache Software License. NetMon queries are performed using Lucene search. |
M | |
Memory Pool | Pre-allocated memory space with a fixed size. Pools allow for dynamic memory allocation and can help improve performance. |
Metadata | Data generated during packet-processing, appropriate to each application. For example, metadata might include the login, command, and filename from the file transfers or messages inside an Internet Relay Chat (IRC). |
N | |
Network Time Protocol | A networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. |
NTP | See Network Time Protocol |
O | |
OS | Operating System |
P | |
PCAP | A file format used for saving raw flow data. |
PCAP File | An industry-standard format for containing packet capture data. PCAP data includes the raw packets for a flow. NetMon stores the raw packets from the network tap in PCAP files. |
Q | No terms available |
R | No terms available |
S | |
Session | A bi-directional flow of packets between one client and one server. A half session defines one direction of that flow, on either the client or server side. |
SIEM | Security Information and Event Management. The LogRhythm SIEM is a security intelligence and log management platform that delivers advanced cyber threat defense, detection, and response to protect networks from a rapidly evolving threat landscape. |
SMTP | Simple Mail Transfer Protocol |
SNMP | Simple Network Management Protocol |
SSL | Secure Sockets Layer |
Syslog | An open-source protocol for passing data to a Syslog server. NetMon transfers data to the LogRhythm SIEM (or to a third-party system) using the Syslog protocol. |
T | |
TCP | Transmission Control Protocol |
U | |
UDP | User Datagram Protocol |
URL | Uniform Resource Locator |
UTC | Coordinated Universal Time. The primary time standard by which the world regulates clocks and time. Time zones around the world are expressed as positive or negative offsets from UTC. The hours, minutes, and seconds that UTC expresses are kept close to the mean solar time at the Earth's prime meridian (zero degrees longitude), located near Greenwich, England. |
V | No terms available |
W | No terms available |
X | No terms available |
Y | No terms available |
Z | No terms available |