Analyzing UNIX Application Behavior


Now that you have a better understanding of application behavior investigation on Windows systems, you need to understand the differences you will see when performing an analysis on a UNIX-based system. When configuring the behavior investigation job, the only difference is that the target operating system defaults to UNIX, as shown in Figure 11-25. The rest of the steps are identical to those of the Windows behavior investigation process.

Figure 11-25. UNIX Behavior Analysis Configuration


The piece of the complete process that changes the most is the UNIX Behavior Analysis report associated with the job. The UNIX Behavior Analysis report has only three sections:

  • File Events

  • Network Events

  • Summary Reports

The other sections that were available in the Windows report are not available because they contain Windows-specific configuration information. Both the registry and COM objects are concepts that exist only on Microsoft Windows operating systems. As you can see in Figure 11-26, the report mechanism is the same as for Windows reports, and you still have the same data export option available.

Figure 11-26. UNIX Behavior Analysis Report




    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan
