Automatic provisioning of new users of interest for capture on a communication network
Abstract
A system, method, and apparatus for collecting data streams, such as data packets, on a network, such as the Internet, are disclosed. A metadata portion of at least one of the data streams is analyzed on the network and evaluated using a metadata processing engine to identify a relationship between at least two of the plurality of data streams, e.g., a relationship between multiple users of a network, regardless of whether the users are currently of interest. An interface manager can receive information about a new user of interest, evaluate the new user of interest for redundancy against existing known users of interest of the network monitoring system (NMS), and then communicate the information about the new user of interest to at least one access device to collect data streams associated with the new user of interest.
33 Claims
1. A network monitoring system comprising:
- an access device operative to:
  - intercept data in transit over a computer network, and
  - parse a data stream of the data in transit over the computer network based on an interception request made by an analyst to probe the computer network for a communication of a known user of interest; and
- a metadata processing engine coupled to the access device, wherein the metadata processing engine determines a new user of interest using metadata from a user not currently of interest in conjunction with metadata from the communication of the known user of interest, and wherein the metadata processing engine is operative to:
  - accept the communication from the access device,
  - evaluate the communication intercepted from the computer network for a relationship between the metadata of the communication of the known user of interest and the user not currently of interest,
  - convert the user not currently of interest to a new user of interest based on the evaluation of the data retrieved from the computer network,
  - automatically provision the new user of interest through enabling automatic generation of a second interception criteria to probe the computer network for a second communication of the new user of interest,
  - communicate an identification (ID) for the new user of interest to the access device to enable the access device retrieve a second set of data that is in transit over the computer network based on the automatically generated second interception criteria to probe the computer network for the second communication of the new user of interest, and
  - monitor the computer network for the second set of data related to the new user of interest.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of monitoring data, the method comprising:
- retrieving data in transit over a computer network through an access device based on an interception request made by an analyst to probe the computer network for a communication of a known user of interest, the communication comprising content data and metadata;
- appending, through the access device, a detail about the communication to a header of a data packet of the communication, the detail about the communication comprising at least one of a known user ID of the known user of interest and an identification of the analyst authorized to analyze the content data of the communication;
- determining that the communication of the known user of interest includes metadata identifying a user not currently of interest;
- converting the user not currently of interest into a new user of interest based on the determination that the communication of the known user of interest includes the metadata identifying the user not currently of interest;
- communicating an ID for the new user of interest to the access device to enable the access device retrieve a new set of data that is in transit over the computer network; and
- monitoring the computer network for the new set of data related to the new user of interest.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A network monitoring system comprising:
- an access device operative to:
  - intercept data in transit over a computer network,
  - parse a data stream of the data in transit over the computer network based on an interception request made by an analyst to probe the computer network for a communication of a known user of interest, the communication comprising content data and metadata, and
  - append, to a header of a data packet of the communication, a detail about the communication, the detail about the communication comprising at least one of a known user ID of the known user of interest and an identification of the analyst authorized to analyze the content data of the communication; and
- a metadata processing engine coupled to the access device, wherein the metadata processing engine determines a new user of interest using metadata from a user not currently of interest in conjunction with metadata from the communication of the known user of interest, and wherein the metadata processing engine is operative to:
  - accept the communication from the access device,
  - evaluate the communication intercepted from the computer network for a relationship between the metadata of the communication of the known user of interest and the user not currently of interest,
  - convert the user not currently of interest to a new user of interest based on the evaluation of the data retrieved from the computer network,
  - communicate an ID for the new user of interest to the access device, and
  - monitor the computer network for a new set of data related to the new user of interest.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24
25. A method of provisioning a user to be monitored in a computer network, the method comprising:
- retrieving data in transit over the computer network through an access device based on an interception request made by an analyst to probe the computer network for a communication of a known user of interest;
- determining that the communication of the known user of interest includes metadata identifying a user not currently of interest;
- converting the user not currently of interest into a new user of interest based on the determination that the communication of the known user of interest includes the metadata identifying the user not currently of interest;
- automatically provisioning the new user of interest by automatically generating a second interception criteria to probe the computer network for a second communication of the new user of interest;
- communicating an ID for the new user of interest to the access device to enable the access device retrieve a second set of data that is in transit over the computer network based upon the automatically generated second interception criteria to probe the computer network for the second communication of the new user of interest; and
- monitoring the computer network for the second set of data related to the new user of interest.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33
Specification