CAPTURE TRIGGERS FOR CAPTURING NETWORK DATA
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.
20 Claims
1. A method for facilitating the processing of network data, comprising:
- providing, on a computer system, a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network; and
- providing, on the computer system, a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data comprises one or more event attributes.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus, comprising:
- one or more processors; and
- memory storing instructions that, when executed by the one or more processors, cause the apparatus to:
  - provide a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network; and
  - provide a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data comprises one or more event attributes for facilitating analysis of the security risk.

Dependent claims: 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating the processing of network data, the method comprising:
- providing, on a computer system, a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network; and
- providing, on the computer system, a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data comprises one or more event attributes for facilitating analysis of the security risk.

Dependent claims: 18, 19, 20
Specification