Saturday, September 15, 2018

How does protocol analyzing work in practice?

I am a cybersec enthusiast and was wondering how you guys do protocol analyzing (for example, by using Wireshark) on a day-to-day basis. AFAIK even a smaller company can have millions of logs in a short time span, so you cannot possibly analyze each packet. I know this should be risk-based and you are not really supposed to analyze everything, but I'd like to know the details of how it is really done in practice. What are the relevant frameworks?


