HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback
([email protected]). Include the document title and part number, version number, or the URL when submitting your feedback.
Glossary
A
add-on module Like other IMC modules, the UBA module can be installed and uninstalled separately within a system running IMC.
C
CSV Comma-Separated Values. A special file storage format using a sequence of characters. With UBA, you can export audit results in CSV format. UBA provides a Java program for reading CSV files.
D
device In IMC, devices include routers, switches, servers, desktop computers, or other machines that participate in the flow of traffic across a network. In the context of UBA, a device can collect all types of log files except the DIG log, which only a probe can collect.
DIG In UBA, a probe installed in a server provides DIG log collection and processing functions. Using the UBA DIG log probe, you can analyze the traffic mirrored from a router or switch port.
H
HTTP Hypertext Transfer Protocol. A protocol that provides a basic data communication rule for the World Wide Web. In the user behavior audit process, it is an application type that can be displayed in the audit results.
I
ICMP Internet Control Message Protocol. A protocol that defines a type of packet that is used in echo requests by the ping and hwping commands. ICMP can also be used to relay query messages.
ICMP differs from transport protocols, such as TCP and UDP, because it is not typically used to exchange data between systems. ICMP is not regularly employed by end-user network applications.
ICMP for Internet Protocol version 4 (IPv4) is also known as ICMPv4.
IPv6-ICMP Internet Control Message Protocol, version 6. An integral part of IPv6 that performs error reporting and diagnostic functions. IPv6 also provides a framework for extensions to implement future changes. IPv6-ICMP is defined in RFC 4443.
L
Layer 4 Transport layer, the fourth layer of the OSI model. It provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end data transfer.
Layer 7 Application layer, the seventh layer of the OSI model. It supports application and end-user processes. Everything at this layer is application specific. This layer provides application services for data transfer, email, and other network software services.
N
NAT Network Address Translation. An Internet standard that enables IP address information on IP packet headers to be modified while in transit across a traffic routing device. The UBA module supports collection and analysis of NAT flows.
NetFlow A network protocol, developed by Cisco, used to collect IP traffic packets and age them into fixed architecture flow to improve network efficiency. Meanwhile, the processing device also generates flow records, which can be collected and processed by UBA.
NetStream An Internet technology used to collect and analyze IP packets according to various diagram information, such as Destination IP address, Destination Port, Source IP address, and Source Port.
UBA can audit NetStream flow records.
NTA Network Traffic Analyzer. An IMC module that shares the data sources with UBA but has a different data processing policy. The UBA Settings page shows several functions shared by UBA and NTA.
O
OS The computer operating system or platform on which the software runs; for example, UNIX, Linux, Solaris, or Windows.
S
sFlow Sampled Flow. A process using sampling to achieve scalability and forward flows to a high speed network. The sampled packets are sent as sFlow data to a central server.
SNMP Simple Network Management Protocol. The standard communications protocol containing a set of standards for managing devices (routers, switches, modems, servers, and so on) on IP networks.
UBA can communicate with most network devices that support SNMP.
T
TCP Transmission Control Protocol. One of the core communications protocols used on the Internet and similar networks.
U
UBA User Behavior Auditor. A service module that provides user behavior audits based on network log flow.
UDP User Datagram Protocol. One of the core communications protocols used on the Internet and similar networks.
Index
A
aggregation policy,22
alarms, setting triggers for exceeded thresholds,40 application,9
applications
adding a user-defined application,26 batch importing user-defined applications,27 managing the application list,26
modifying pre-defined applications,28 modifying user-defined applications,28 removing user-defined,26
architecture diagram of network,42 audit results
customizing,36 querying,36
viewing additional records,36 viewing by group,36
audit task,9 audit tasks
adding,35 modifying,35 removing,35
viewing by specifying audit task according to corresponding audit type,34
audit types
database space usage,11 device management,14 probe management,15 server management,15
User Behavior Audit management,17 configuring UBA,20
managing a filter strategy,24 managing applications,25
managing database storage space,30 managing UBA data sources,20 managing UBA servers,22 configuring UBA parameters,29 contacting HP,55
conventions document,55 text symbols,56
CSV format, using to export audit results,37
D
database space,30
database space, viewing disk and file use,30 device management,7
providing feedback on,57
E
example scenario for UBA deployment and use,42 exporting audit results,37
exporting data, configuring,39 exporting log files,38
data export workflow diagram,38 log file report,38
log file types,38 prerequisites,38 setting log lifetime,40
F
filter strategy,24 adding,25 deleting,24 modifying,24
viewing the filter strategy list,24
H
help, obtaining,55 HP technical support,55
L
log file audit, configuring,40 log files, checking,40
M
managing UBA data sources devices,20
log types,20 probes,21
managing UBA servers,22 menus,10
127.0.0.1,12
application management,18 data export,12
database space usage,11 device management,14 filter strategy,19 parameters,19
probe management,15 server management,15 user behavior audit,10
User Behavior Audit management,17 monitoring user behavior
audit conditions,31 audit modes,31
task-oriented auditing,34 viewing audit result,36
N
network flow record collection device management,7 probe management,7 server management,8 network flow record processing
application,9
max displayed entries for audit,29 parameters menu,19
probe,7, 21 probe, adding,21 procedures
adding a filter strategy,25 adding a probe,21
adding a user-defined application,26 adding an audit task,35
adding device,20 audit results by group,36
batch importing user-defined applications,27 checking deployment result,22
configuring audit conditions,33 customizing audit results,36 exporting audit results,37 modifying an audit task,35
modifying pre-defined applications,28 modifying the UBA server,22
modifying user-defined applications,28 querying applications,26
querying audit results,36 refreshing applications,26 refreshing UBA server list,22 removing an audit task,35
removing user-defined applications,26 setting log lifetime,40
specifying audit type in order to view task of corresponding type,34
viewing additional audit results records,36 viewing application details,26
viewing applications list,26 viewing audit result,36 viewing audit task details,35
viewing database disk and file use,30 viewing UBA server list/details,22
viewing, modifying, deleting a filter strategy,24 products, providing feedback,56
Q symbols in text,56
T
task-oriented auditing,34 technical support,55 text symbols,56
Traffic Analysis and Audit Configuration page,13 troubleshooting,51
network flow record collection,7 network flow record processing,9
V
viewing audit task details,35 viewing the audit task list,34
W
websites,55