A security analyst is investigating a host that is suspected of being used as a pivot point in a network intrusion. The analyst needs to identify which process initiated an outbound connection to a known malicious IP address. Which host-based analysis approach should the analyst use to correlate the network connection to the specific process?
Select one:
Cisco often tests the distinction between network-level logs (firewall logs) and host-level process-...