Network Activity by Full Packet Capture Use Cases

Grouped by Detection Method

Aggregate Count

Blacklist Alert

Certificate Expired
Certificate is Self-Signed
Certificate Algorithm is Weak
Certificate Validity Exceeds 3 Years
Certificate Common Name Has no Periods
Certificate With Blank Fields

Whitelist Alert

Certificate with Invalid Country Code/State

Levenshtein Score Alert

Rolling Whitelist Alert

Shannon Entropy Score Alert

Threshold Alert

Log Source Examples

Network IDS Logs
Layer 7 Firewall Logs

Possible False Positives