Dictionary · NIST SP 800-94

The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.

A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity.

Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a “real” attack performed simultaneously.

A configuration setting for a network interface card that causes it to accept all incoming packets that it sees, regardless of their intended destinations.