When observing the data crossing your networks or in your log files, you can determine if there was an actual attack.

  • Benchmark your systems.
  • Determine what data normally belongs to the network so you can identify the abnormalities.

Not all abnormalities are signs of an attack.