Adaptive network monitoring with tuneable elastic granularity
First Claim
1. A method for monitoring network traffic using one or more network computers, wherein execution of instructions by the one or more network computers performs actions, comprising:
passively monitoring information that is associated with network traffic associated with one or more networks;
in response to a determination that one or more conditions associated with activating one or more triggers for the monitored information has occurred, performing actions, including;
ranking a priority for each activated trigger, wherein an allocation of one or more of compute, data storage, or network resources for each activated trigger is based on its rank;
modifying a deep packet level of inspection based on an available amount of the one or more of compute, data storage or network resources allocated to each activated trigger, wherein the modification initiates or stops the deep packet level of inspection for the monitored information; and
employing available resources to perform the deep packet level of inspection on packets that were communicated in the network traffic during the occurrence of the one or more conditions; and
providing analysis of the network traffic based on the monitored information and the deep packet level of inspection for the packets.
Abstract
Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.
20 Claims
1. A method for monitoring network traffic using one or more network computers, wherein execution of instructions by the one or more network computers performs actions, comprising:
passively monitoring information that is associated with network traffic associated with one or more networks;
in response to a determination that one or more conditions associated with activating one or more triggers for the monitored information has occurred, performing actions, including;
ranking a priority for each activated trigger, wherein an allocation of one or more of compute, data storage, or network resources for each activated trigger is based on its rank;
modifying a deep packet level of inspection based on an available amount of the one or more of compute, data storage or network resources allocated to each activated trigger, wherein the modification initiates or stops the deep packet level of inspection for the monitored information; and
employing available resources to perform the deep packet level of inspection on packets that were communicated in the network traffic during the occurrence of the one or more conditions; and
providing analysis of the network traffic based on the monitored information and the deep packet level of inspection for the packets.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A processor readable non-transitory storage media that includes instructions for monitoring network traffic using one or more network monitoring computers, wherein execution of the instructions by the one or more network computers perform actions, comprising:
passively monitoring information that is associated with network traffic associated with one or more networks;
in response to a determination that one or more conditions associated with activating one or more triggers for the monitored information has occurred, performing actions, including;
ranking a priority for each activated trigger, wherein an allocation of one or more of compute, data storage, or network resources for each activated trigger is based on its rank;
modifying a deep packet level of inspection based on an available amount of the one or more of compute, data storage or network resources allocated to each activated trigger, wherein the modification initiates or stops the deep packet level of inspection for the monitored information; and
employing available resources to perform the deep packet level of inspection on packets that were communicated in the network traffic during the occurrence of the one or more conditions; and
providing analysis of the network traffic based on the monitored information and the deep packet level of inspection for the packets.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A network computer for monitoring communication over a network between two or more computers, comprising:
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including;
passively monitoring information that is associated with network traffic associated with one or more networks;
in response to a determination that one or more conditions associated with activating one or more triggers for the monitored information has occurred, performing actions, including;
ranking a priority for each activated trigger, wherein an allocation of one or more of compute, data storage, or network resources for each activated trigger is based on its rank;
modifying a deep packet level of inspection based on an available amount of the one or more of compute, data storage or network resources allocated to each activated trigger, wherein the modification initiates or stops the deep packet level of inspection for the monitored information; and
employing available resources to perform the deep packet level of inspection on packets that were communicated in the network traffic during the occurrence of the one or more conditions; and
providing analysis of the network traffic based on the monitored information and the deep packet level of inspection for the packets.
Dependent claims: 16, 17, 18, 19, 20.
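As an added illustration of the loop the independent claims describe (passive monitoring, trigger activation, ranking, rank-based resource allocation that starts or withholds deep packet inspection, then analysis), the following Python model is not code from the patent or from any product; the trigger names, costs, budget, metrics and packets are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List
@dataclass
class Trigger:
    name: str
    priority: int                        # higher rank wins when resources are scarce
    cost: int                            # resource units its deep inspection consumes
    condition: Callable[[dict], bool]    # checked against passively collected summaries
    deep_filter: Callable[[dict], bool]  # applied to packets only at DPI level
@dataclass
class MonitoringEngine:
    triggers: List[Trigger]
    budget: int                          # DPI resource units available per cycle
    def activate(self, metrics: dict) -> Dict[str, str]:
        # Rank activated triggers by priority; each takes DPI resources from what is left.
        ranked = sorted((t for t in self.triggers if t.condition(metrics)),
                        key=lambda t: t.priority, reverse=True)
        remaining, level = self.budget, {}
        for t in ranked:
            if t.cost <= remaining:          # resources available: initiate DPI
                remaining -= t.cost
                level[t.name] = "dpi"
            else:                            # starved: DPI stays off, header-level only
                level[t.name] = "headers"
        return level
    def analyze(self, packets: List[dict], level: Dict[str, str]) -> Dict[str, int]:
        # Deep-inspect captured packets for DPI-level triggers; header-level ones report -1.
        flt = {t.name: t.deep_filter for t in self.triggers}
        return {n: sum(map(flt[n], packets)) if lv == "dpi" else -1
                for n, lv in level.items()}
# Constructed sample data (not from the patent): three triggers, one cycle of metrics.
TRIGGERS = [
    Trigger("port_scan", 5, 4, lambda m: m["new_dst_ports"] > 20,
            lambda p: p["proto"] == "tcp" and len(p["payload"]) == 0),
    Trigger("volume_spike", 3, 5, lambda m: m["bytes_per_s"] > 5e6,
            lambda p: len(p["payload"]) > 1000),
    Trigger("dns_burst", 2, 3, lambda m: m["dns_qps"] > 5,
            lambda p: p["dst_port"] == 53 and len(p["payload"]) > 40),
]
METRICS = {"new_dst_ports": 40, "bytes_per_s": 9e6, "dns_qps": 12}
PACKETS = [{"proto": "tcp", "dst_port": 22, "payload": b""},
           {"proto": "tcp", "dst_port": 443, "payload": b"x" * 1200},
           {"proto": "udp", "dst_port": 53, "payload": b"a" * 60},
           {"proto": "udp", "dst_port": 53, "payload": b"short"}]

def run_cycle(budget: int = 8) -> Dict[str, int]:
    engine = MonitoringEngine(TRIGGERS, budget)
    level = engine.activate(METRICS)   # port_scan, dns_burst -> dpi; volume_spike -> headers
    return engine.analyze(PACKETS, level)
```

With the default budget of 8 the top-ranked trigger takes its share first, the second-ranked one no longer fits and is held at header level, and the lowest-ranked one still fits in the remainder; raising or lowering the budget changes which triggers get deep inspection.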
Specification