TECHNOLOGIES FOR ANNOTATING PROCESS AND USER INFORMATION FOR NETWORK FLOWS
Abstract
Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.
20 Claims
1. A method comprising:
monitoring, by a capturing agent executing on a first device in a network, a network flow associated with the first device;
generating a control flow based on the network flow, the control flow comprising metadata describing the network flow;
determining which process executing on the first device is associated with the network flow to yield process information;
labeling the control flow with the process information to yield a labeled control flow; and
transmitting the labeled control flow to a second device in the network.
(Dependent claims 2 through 8 are not reproduced here.)

9. A system comprising:
a virtual machine, the virtual machine having a first capturing agent, wherein the first capturing agent is configured to:
monitor a first network flow associated with the virtual machine;
generate a first control flow based on the first network flow, the first control flow comprising first metadata describing the first network flow;
label the first control flow with a first identifier of a first process executing on the virtual machine and being associated with the first network flow to yield a first labeled control flow; and
transmit the first labeled control flow to a collector via the network; and
a hypervisor hosting the virtual machine, the hypervisor having a second capturing agent, wherein the second capturing agent is configured to:
monitor a second network flow associated with the hypervisor, the second network flow comprising the first labeled control flow;
generate a second control flow based on the second network flow, the second control flow comprising second metadata describing the second network flow;
label the second control flow with a second identifier of a second process executing on the hypervisor and being associated with the second network flow to yield a second labeled control flow; and
transmit the second labeled control flow to the collector via the network.
(Dependent claims 10 through 13 are not reproduced here.)

14. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
monitoring, by a capturing agent running on a first device in a network, a network flow associated with the first device;
generating a control flow based on the network flow, the control flow comprising metadata describing the network flow;
determining which user of the first device is associated with the network flow to yield user information;
labeling the control flow with the user information to yield a labeled control flow; and
transmitting the labeled control flow to a second device in the network.
(Dependent claims 15 through 20 are not reproduced here.)
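The following is an added worked example, not code from the patent or from any vendor's agent, showing the procedure of claims 1, 9 and 14 end to end: a capturing agent on a VM monitors a flow, generates a control flow (metadata only), resolves the owning process and user from socket and process tables, labels the control flow, and transmits it; a second agent on the hypervisor then observes that transmission as a flow of its own and labels it again. All device names, IP addresses, PIDs, inodes and tables are constructed for the example. A real Linux agent would read the socket table from /proc/net/tcp and the inode-to-PID mapping from /proc/<pid>/fd; the (ip, 0) "whole address" key used for the hypervisor's tap device is a modeling assumption, not something the patent specifies.

```python
"""Added example (not from the patent): two-layer process/user attribution
of network flows, producing nested labeled control flows for a collector."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """A network flow as the agent observes it: 5-tuple plus counters.
    `payload` is set when the flow carries another agent's labeled control
    flow, which is what the hypervisor agent of claim 9 sees."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    bytes: int
    packets: int
    payload: Optional[dict] = None


class CapturingAgent:
    """Monitors flows on one device and labels their control flows.

    sockets:   (local_ip, local_port) -> inode of the socket or fd. A port of 0
               is an assumption of this example meaning "all traffic for this
               address", e.g. the tap device fd a hypervisor holds for a VM.
    processes: pid -> {"name", "uid", "inodes"}   (constructed, not /proc)
    users:     uid -> username
    """

    def __init__(self, device_id, sockets, processes, users):
        self.device_id = device_id
        self.sockets = sockets
        self.processes = processes
        self.users = users

    def control_flow(self, flow):
        """Metadata describing the flow; packet contents are never exported."""
        return {"device": self.device_id, "proto": flow.proto,
                "src": f"{flow.src_ip}:{flow.src_port}",
                "dst": f"{flow.dst_ip}:{flow.dst_port}",
                "bytes": flow.bytes, "packets": flow.packets}

    def resolve_process(self, flow):
        """Map the flow's local endpoint to the process owning the socket.
        Tries the exact (ip, port), then a wildcard bind (0.0.0.0, port),
        then the whole-address key (ip, 0). Returns None if nothing matches."""
        for ip, port in ((flow.src_ip, flow.src_port), (flow.dst_ip, flow.dst_port)):
            for key in ((ip, port), ("0.0.0.0", port), (ip, 0)):
                inode = self.sockets.get(key)
                if inode is None:
                    continue
                for pid, info in self.processes.items():
                    if inode in info["inodes"]:
                        return {"pid": pid, "name": info["name"], "uid": info["uid"],
                                "user": self.users.get(info["uid"], "unknown")}
        return None

    def label(self, flow):
        """Generate the control flow, attribute it, attach process and user labels,
        and keep any inner labeled control flow the observed flow carried."""
        cf = self.control_flow(flow)
        cf["process"] = self.resolve_process(flow) or {"name": "unattributed"}
        if flow.payload is not None:
            cf["inner"] = flow.payload
        return cf


def attribution_chain(record):
    """Collector side: unwrap nested labeled control flows, outermost first."""
    chain = []
    while record is not None:
        chain.append((record["device"], record["process"]["name"]))
        record = record.get("inner")
    return chain


# Constructed tables: VM "vm-web-01" runs nginx as www-data and sshd (wildcard bind) as root.
VM_AGENT = CapturingAgent(
    "vm-web-01",
    sockets={("10.0.1.5", 443): 71203, ("0.0.0.0", 22): 4102},
    processes={1200: {"name": "nginx", "uid": 33, "inodes": {71203}},
               800: {"name": "sshd", "uid": 0, "inodes": {4102}}},
    users={0: "root", 33: "www-data"})

# Constructed tables: hypervisor "hv-03" holds the VM's tap device in its qemu process.
HV_AGENT = CapturingAgent(
    "hv-03",
    sockets={("10.0.1.5", 0): 9001},
    processes={2210: {"name": "qemu-system-x86_64", "uid": 107, "inodes": {9001}}},
    users={107: "libvirt-qemu"})

HTTPS_FLOW = Flow("198.51.100.7", 50321, "10.0.1.5", 443, "tcp", 18340, 41)
SSH_FLOW = Flow("203.0.113.9", 41000, "10.0.1.5", 22, "tcp", 5120, 17)


def two_layer_example():
    """VM agent labels the HTTPS flow and exports it to the collector at
    10.0.0.100:4433; the hypervisor agent sees that export as a flow of its
    own, attributes it to the VM's qemu process, and labels it again."""
    first = VM_AGENT.label(HTTPS_FLOW)
    export = Flow("10.0.1.5", 39200, "10.0.0.100", 4433, "tcp", 612, 3, payload=first)
    return HV_AGENT.label(export)


if __name__ == "__main__":
    import json
    print(json.dumps(two_layer_example(), indent=2))
    print(attribution_chain(two_layer_example()))
```

The point of the nested record is what the collector can do with it: the outer label ("hv-03", qemu) is produced by an agent the guest does not control, so a collector can check that the inner label's device and addresses are consistent with the VM the hypervisor says the traffic came from. Flows with no matching local socket are reported as "unattributed" rather than dropped, so gaps in the socket snapshot remain visible in the collector's data.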