Plixer FlowPro terms

BotNet

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge

Command and Control

Command and Control cyberattacks (C2 or C&C) happen when bad actors infiltrate a system and install malware that lets them remotely send commands from a C2 server to infected devices

Data Exfiltration

Unauthorized data transfer, either manually from a device or over a network

DGA (Domain Generation Algorithms)

Algorithms, seen in various families of malware, that periodically generate a large number of domain names for use as rendezvous points with the command and control servers

DNS Data Leak

DNS server requests that are visible to third parties

Domain Reputation List

List of domains that have been determined, with a high probability, to be “bad domains”

DPI (Deep Packet Inspection)

An advanced method of examining and managing network traffic, functioning at the application layer of the OSI model

JA3 Signature

A method to fingerprint an SSL/TLS client connection based on fields in the Client Hello message from the SSL/TLS handshake. It is so named because it was first published by John Althouse, Jeff Atkinson, and Josh Atkins from Salesforce in 2017.

NXDOMAIN (No Existing Domain)

Error message indicating that the domain is either not registered or invalid

Observation Domain

A value used by the collector device to group devices when receiving data sessions

plixer.ini

Plixer FlowPro configuration file

Trusted Domain List

List of domains that are allowed on the network (whitelisted)