Which data source would an investigator most likely review to trace unauthorized internal traffic patterns indicative of post-breach attacker movement?
Network logs are a primary resource for monitoring internal network traffic, which includes tracking unauthorized data flow or lateral movement within the organization’s network infrastructure. Application logs are focused on specific software and may not capture network-wide traffic data. Endpoint logs give insight into individual host activity and might not show comprehensive internal traffic patterns. System health reports are typically concerned with the performance and health of systems, and do not usually provide the granular traffic data needed for tracking lateral movements.