Capture triggers for capturing network data
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.
28 Claims
1. A method for facilitating the processing of network data, comprising:

identifying one or more events matching one or more specified parameters, the one or more events identified from time-series event data generated from network packets captured by one or more remote capture agents of a plurality of remote capture agents distributed across a network; and

in response to identifying the one or more events, sending configuration information to the one or more remote capture agents, the configuration information used by the one or more remote capture agents to generate additional time-series event data from network packets to be captured by the one or more remote capture agents.

(Dependent claims 2 to 11.)
12. An apparatus, comprising:

one or more processors; and

memory storing instructions that, when executed by the one or more processors, cause the apparatus to: identify one or more events matching one or more specified parameters, the one or more events identified from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network; and in response to identifying the one or more events, send configuration information to the one or more remote capture agents, the configuration information used by the one or more remote capture agents to generate additional time-series event data from network packets to be captured by the one or more remote capture agents.

(Dependent claims 13 to 20.)
21. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause:

identifying one or more events matching one or more specified parameters, the one or more events identified from time-series event data generated from network packets captured by one or more remote capture agents of a plurality of remote capture agents distributed across a network; and

in response to identifying the one or more events, sending configuration information to the one or more remote capture agents, the configuration information used by the one or more remote capture agents to generate additional time-series event data from network packets to be captured by the one or more remote capture agents.

(Dependent claims 22 to 28.)
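The three pieces the independent claims describe (identifying events that match specified parameters, sending configuration information to the agents that observed them, and those agents then generating events with additional attributes) as an added illustrative simulation in Python; this is not the patent's or any assignee's code, and the event schema, rule shape, agent names and extra attribute names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample time-series events from remote capture agents (assumed schema: ts, agent, src, dst_port).
EVENTS = [
    {"ts": 1, "agent": "agent-A", "src": "10.0.0.5", "dst_port": 22},
    {"ts": 2, "agent": "agent-B", "src": "10.0.0.9", "dst_port": 443},
    {"ts": 3, "agent": "agent-A", "src": "10.0.0.5", "dst_port": 22},
    {"ts": 4, "agent": "agent-A", "src": "10.0.0.7", "dst_port": 22},
    {"ts": 5, "agent": "agent-A", "src": "10.0.0.5", "dst_port": 22},
]
# The "specified parameters" (assumed rule shape): at least min_count events to
# dst_port from one source within `window` seconds.
RULE = {"dst_port": 22, "min_count": 3, "window": 10}
EXTRA_ATTRIBUTES = ["tcp_flags", "payload_len"]  # assumed additional event attributes

def identify_events(events, rule):
    """Return the events that satisfy the rule, oldest first within each source."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["dst_port"] == rule["dst_port"]:
            by_src[e["src"]].append(e)
    matched = []
    for evs in by_src.values():
        for i, first in enumerate(evs):  # sliding window over one source's events
            window = [x for x in evs[i:] if x["ts"] - first["ts"] <= rule["window"]]
            if len(window) >= rule["min_count"]:
                matched.extend(window)
                break
    return matched

def build_capture_config(matched, extra_attributes):
    """Configuration information per agent: the matched flows that agent observed and
    the additional attributes to attach to the events it generates for them."""
    filters = defaultdict(set)
    for e in matched:
        filters[e["agent"]].add((e["src"], e["dst_port"]))
    return {agent: {"filters": sorted(f), "attributes": list(extra_attributes)}
            for agent, f in filters.items()}

class CaptureAgent:  # stand-in for a remote capture agent (assumed, not the patent's design)
    def __init__(self, name):
        self.name, self.config = name, None
    def apply_config(self, config):  # receives the configuration information
        self.config = config
    def capture(self, packet):
        event = {"ts": packet["ts"], "agent": self.name,
                 "src": packet["src"], "dst_port": packet["dst_port"]}
        if self.config and (packet["src"], packet["dst_port"]) in self.config["filters"]:
            event.update({a: packet.get(a) for a in self.config["attributes"]})  # configured flows only
        return event
```

Agents that saw no matching flow receive no configuration and keep emitting the baseline events, which keeps the added attributes (and their storage cost) limited to the traffic the trigger singled out.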