Apparatus and Method for Network Analysis
Abstract
A system for, and method of, extracting information from multiple sessions and in accordance with disparate protocols, and transforming the same into a common language. Packets are collected by packet collectors distributed throughout a network and those packets, and/or metadata relating to those packets, are passed to an aggregator, which is made available via an application program interface to users/applications.
21 Claims
1. A method of extracting information from a session to create a record conforming to an event-based language, comprising:
- fielding a plurality of packet collectors in a network that handles digital data in at least one protocol;
- using the plurality of packet collectors to collect the digital data;
- converting the digital data into at least one session;
- generating metadata that is indicative of a nature of the at least one session;
- sending the metadata, from at least two of the plurality of data collectors, to an aggregator; and
- allowing the metadata received at the aggregator to be accessed by a user such that the metadata generated at the at least two of the plurality of packet collectors can be viewed at substantially the same time,
wherein the metadata is converted to an event statement describing an event that occurred during the at least one session between a first entity and a second entity associated with the at least one session.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A method of capturing and analyzing network data, comprising:
- receiving, at an aggregator, a feed of data from a plurality of packet collectors distributed throughout an electronic data network, parsing the data in respective sessions in disparate protocols into sessions of a common language;
- communicating the common-language sessions to a forensics engine;
- providing access to the sessions of a common language via an application program interface; and
- controlling access to the sessions of a common language by licensing at least one plugin or application independently of a packet collector or aggregator.

Dependent claims: 17, 18, 19, 20, 21
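The flow described in the abstract and claim 1 (per-collector session metadata, sent to an aggregator and rendered as event statements between a first and a second entity) can be sketched as follows. This is an added example, not code from the patent or its assignee; the metadata field names, the verbs, the `RULES` mapping and the sample feeds are assumptions, since the page does not define the event language.

```python
from dataclasses import dataclass
from heapq import merge

@dataclass(frozen=True)
class Event:
    ts: float        # session start time reported by the collector
    collector: str   # which packet collector produced the metadata
    first: str       # first entity
    verb: str
    second: str      # second entity
    def statement(self) -> str:
        return f"{self.first} {self.verb} {self.second}"

# Assumed mapping (not from the patent): per protocol, the field naming the
# first entity, the verb, and how to derive the second entity.
RULES = {
    "dns":  ("client", "resolved",  lambda m: m["qname"]),
    "http": ("client", "requested", lambda m: m["host"] + m["path"]),
}

def to_event(collector, meta):
    rule = RULES.get(meta["proto"])
    if rule is None:
        # Unknown protocol: still emit a generic event so the session stays visible.
        return Event(meta["ts"], collector, meta["src"], "contacted", meta["dst"])
    first_field, verb, second = rule
    return Event(meta["ts"], collector, meta[first_field], verb, second(meta))

def aggregate(feeds):
    """Merge per-collector, time-ordered metadata feeds into one event timeline."""
    streams = [[to_event(cid, m) for m in metas] for cid, metas in feeds.items()]
    return list(merge(*streams, key=lambda e: e.ts))

# Constructed sample metadata from two collectors (addresses and names are made up).
FEEDS = {
    "collector-dmz": [
        {"ts": 100.0, "proto": "dns", "client": "10.0.0.5", "qname": "example.test"},
        {"ts": 100.4, "proto": "http", "client": "10.0.0.5",
         "host": "example.test", "path": "/login"},
    ],
    "collector-core": [
        {"ts": 100.2, "proto": "dns", "client": "10.0.0.8", "qname": "mail.example.test"},
        {"ts": 100.9, "proto": "ssh", "src": "10.0.0.7", "dst": "10.0.0.9"},
    ],
}

if __name__ == "__main__":
    for e in aggregate(FEEDS):
        print(f"{e.ts:7.1f} [{e.collector}] {e.statement()}")
```

Because every protocol ends up in the same `Event` shape, a single query over the merged timeline covers sessions seen at different collectors.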
Specification