Statistical data is created through the analysis of other forms of network data.

Conclusions from these analyses can be used to describe or predict network behavior.

Event Viewer in Windows can be used to review entries in various logs.

Security Information and Event Management (SIEM) is a technology that provides real-time reporting and long-term analysis of security events.

Two SIEM platforms used by organizations are Splunk and Security Onion with ELK.

The tcpdump command line tool is a packet analyzer that captures detailed packet protocol and content data.

It can display packet captures in real time or write them to a file.

Cisco Cognitive Intelligence utilizes statistical data for statistical analysis in order to find malicious activity that has bypassed security controls, or entered through unmonitored channels (including removable media), and is operating inside the network of an organization.

The components of a 5-tuple include a

1) Source IP address,

2) Port number,

3) Destination IP address ,

4) Port number,

5) Protocol in use.

The tcpdump command line tool is a popular packet analyzer.

It can display packet captures in real time or write packet captures to a file.