Method of non-intrusive analysis of secure and non-secure web application traffic in real-time
Abstract
Provided is a method and system for monitoring and analysis of networked systems that is non-intrusive and operates in real time. Both secure and non-secure traffic may be analyzed. The provided method involves non-intrusively copying data from a communication medium, reconstructing this data to a higher level of communication, such as the application level, grouping the data into sets, each set representing a session, and organizing the data for chosen sessions in a hierarchical fashion that corresponds to the hierarchy of the communicated information. If monitored communications are encrypted, they are non-intrusively decrypted in real time. Hierarchically reconstructed session data is used by one or more plug-in applications, such as alarms, archival applications, visualization applications, script generation applications, abandonment monitoring applications, error detection applications, performance monitoring applications, and others.
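The pipeline in the abstract, as an added example (not code from the patent): constructed plaintext HTTP messages are grouped into streams by connection, paired into transactions, and the session around a transaction of interest is arranged as a tree. The `sid` cookie as session key, the `Referer` header as dependency link and HTTP 5xx as the predefined event are assumptions, and streams are processed sequentially here rather than in parallel.

```python
from collections import defaultdict

# Constructed capture: (client ip/port identifying the connection, direction, raw message).
C1, C2, C3 = ("10.0.0.5", 40001), ("10.0.0.5", 40002), ("10.0.0.7", 51000)
CAPTURE = [
    (C1, "req", "GET /cart HTTP/1.1\r\nCookie: sid=A\r\n\r\n"),
    (C3, "req", "GET /home HTTP/1.1\r\nCookie: sid=B\r\n\r\n"),
    (C1, "resp", "HTTP/1.1 200 OK\r\n\r\n"),
    (C2, "req", "GET /cart.css HTTP/1.1\r\nCookie: sid=A\r\nReferer: /cart\r\n\r\n"),
    (C3, "resp", "HTTP/1.1 200 OK\r\n\r\n"),
    (C2, "resp", "HTTP/1.1 200 OK\r\n\r\n"),
    (C1, "req", "POST /checkout HTTP/1.1\r\nCookie: sid=A\r\nReferer: /cart\r\n\r\n"),
    (C1, "resp", "HTTP/1.1 500 Internal Server Error\r\n\r\n"),
]

def parse(raw):
    """Split a raw HTTP message into its start line and a header dict."""
    start, *lines = raw.split("\r\n\r\n")[0].split("\r\n")
    return start, dict(l.split(": ", 1) for l in lines)

def build_transactions(capture):
    """Group messages into per-connection streams, then pair request/response."""
    streams = defaultdict(list)
    for conn, direction, raw in capture:
        streams[conn].append((direction, raw))
    txns = []
    for conn, msgs in streams.items():
        pending = None
        for direction, raw in msgs:
            start, hdrs = parse(raw)
            if direction == "req":
                pending = {"conn": conn, "path": start.split()[1],
                           "sid": hdrs.get("Cookie", "").partition("sid=")[2],
                           "parent": hdrs.get("Referer")}  # assumed dependency link
            elif pending:
                txns.append({**pending, "status": int(start.split()[1])})
                pending = None
    return txns

def session_tree(txns, is_event=lambda t: t["status"] >= 500):
    """Find the first transaction of interest; return it and its session as a tree."""
    hit = next((t for t in txns if is_event(t)), None)
    if hit is None:
        return None, {}
    tree = defaultdict(list)
    for t in txns:
        if t["sid"] == hit["sid"]:               # related by metadata: same session
            tree[t["parent"]].append(t["path"])  # parent page -> dependent request
    return hit, dict(tree)
```

The returned dict maps each parent path (`None` for the session's root page) to the requests that depend on it, so the failing `/checkout` appears under `/cart` alongside the stylesheet loaded from the same page.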
22 Claims
1. A method, comprising:
non-intrusively capturing a plurality of communications from a communication channel in substantially real-time;
grouping the plurality of communications into one or more streams, each stream representing a network connection;
processing the one or more streams in parallel to create a plurality of transactions, wherein a first transaction includes a request communication and a response communication from the plurality of communications;
storing the plurality of transactions in a memory;
analyzing the plurality of transactions to detect a transaction of interest, wherein the transaction of interest is detected based on a predefined event; and
retrieving a set of transactions belonging to the plurality of transactions from the memory based on metadata associated with the transaction of interest, wherein each transaction in the set of transactions has a predefined relationship with the transaction of interest; and
organizing the set of transactions into a hierarchical data structure according to dependencies between the set of transactions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for non-intrusive analysis of secure communication between two or more applications communicating through a communication channel, comprising:
non-intrusively and securely capturing a communication passing through the communication channel in substantially real-time;
grouping the communication into one or more streams in substantially real-time, each stream representing a network connection;
processing the one or more streams in parallel to an application layer in substantially real-time to create a plurality of transactions;
storing the plurality of transactions in a memory;
analyzing the plurality of transactions to detect a transaction of interest, wherein the transaction of interest is detected based on a predefined event;
parsing the transaction of interest and one or more of the plurality of transactions to determine a set of transactions associated with a web application session and a dependency among the set of transactions; and
grouping the set of transactions into a hierarchical data structure, according to the dependencies among the set of transactions.
Dependent claims: 11, 12, 13, 14, 15
16. A method, comprising:
non-intrusively copying a plurality of secure communications from a communication channel in substantially real-time;
separating the plurality of secure communications into one or more streams in substantially real-time, each stream representing a network connection;
processing the one or more streams into a set of transactions in substantially real-time, the set of transactions associated with the network communication; and
arranging one or more of the set of transactions into a hierarchical data structure according to dependencies between the set of transactions.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification