Efficient packet capture for cyber threat analysis
Abstract
Methods, systems, and computer-readable media for efficiently detecting threat incidents for cyber threat analysis are described herein. In various embodiments, a computing device, which may be located at a boundary between a protected network associated with the enterprise and an unprotected network, may combine one or more threat indicators received from one or more threat intelligence providers; may generate one or more packet capture and packet filtering rules based on the combined threat indicators; and, may capture or filter, on a packet-by-packet basis, at least one packet based on the generated rules. In other embodiments, a computing device may generate a packet capture file comprising raw packet content and corresponding threat context information, wherein the threat context information may comprise a filtering rule and an associated threat indicator that caused the packet to be captured.
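The following is an added example, not code from the patent or its assignee, that models the pipeline the abstract describes end to end: indicators from two providers are combined, turned into capture/filter rules, applied packet by packet at a simulated network boundary, and every matching packet is written out together with the rule and indicator that caused the capture. The provider names, feed contents, the drop policy, the sample packets and the JSON Lines capture format are all constructed for the example and are not taken from the patent.

```python
# Added example modelling the abstract's pipeline; nothing here is the patent's own code.
import ipaddress
import json
import struct
from dataclasses import dataclass

# Constructed feeds from two hypothetical providers. Both report 203.0.113.10 and the
# domain differs only in case/trailing dot, so combining must normalise and deduplicate.
PROVIDER_FEEDS = {
    "feed-a": [
        {"type": "ipv4", "value": "203.0.113.10", "threat": "c2-server"},
        {"type": "ipv4", "value": "198.51.100.0/24", "threat": "scanner-range"},
        {"type": "domain", "value": "bad.example", "threat": "phishing"},
    ],
    "feed-b": [
        {"type": "ipv4", "value": "203.0.113.10", "threat": "botnet-c2"},
        {"type": "domain", "value": "BAD.EXAMPLE.", "threat": "phishing"},
    ],
}
# Constructed policy: threat labels whose rules drop the packet as well as capture it.
DROP_THREATS = {"c2-server", "botnet-c2"}


def combine_indicators(feeds):
    """Merge all feeds into one indicator list keyed by (type, normalised value).
    An indicator reported by several providers keeps every provider and threat label."""
    combined = {}
    for provider, entries in feeds.items():
        for e in entries:
            if e["type"] == "domain":
                value = e["value"].lower().rstrip(".")
            else:  # single addresses become /32 networks so one matcher serves both forms
                value = str(ipaddress.ip_network(e["value"], strict=False))
            rec = combined.setdefault((e["type"], value),
                                      {"type": e["type"], "value": value, "providers": [], "threats": []})
            if provider not in rec["providers"]:
                rec["providers"].append(provider)
            if e["threat"] not in rec["threats"]:
                rec["threats"].append(e["threat"])
    return list(combined.values())


@dataclass
class Rule:
    rule_id: str
    action: str      # "capture" (record and forward) or "drop" (record and withhold)
    indicator: dict  # the combined indicator this rule was generated from

    def matches(self, pkt):
        if self.indicator["type"] == "ipv4":
            net = ipaddress.ip_network(self.indicator["value"])
            return pkt["src"] in net or pkt["dst"] in net
        # Domain rule: case-insensitive payload search. A real sensor would parse
        # DNS questions or TLS SNI rather than scanning raw bytes.
        return self.indicator["value"].encode() in pkt["payload"].lower()


def generate_rules(indicators):
    """One rule per combined indicator; the action is derived from its threat labels."""
    return [Rule(f"R{i:03d}", "drop" if DROP_THREATS & set(ind["threats"]) else "capture", ind)
            for i, ind in enumerate(indicators, 1)]


def ipv4_checksum(header):
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_packet(src, dst, proto, payload):
    """Raw IPv4 packet (20-byte header, no options) used to construct sample traffic."""
    def header(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, checksum,
                           ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header(ipv4_checksum(header(0))) + payload


def parse_ipv4(raw):
    ihl = (raw[0] & 0x0F) * 4
    return {"src": ipaddress.IPv4Address(raw[12:16]), "dst": ipaddress.IPv4Address(raw[16:20]),
            "proto": raw[9], "payload": raw[ihl:]}


def process_packets(raw_packets, rules):
    """Apply rules packet by packet (first match wins). Returns the capture records
    (raw bytes plus threat context) and the packets allowed through the boundary."""
    records, forwarded = [], []
    for seq, raw in enumerate(raw_packets):
        pkt = parse_ipv4(raw)
        hit = next((r for r in rules if r.matches(pkt)), None)
        if hit is not None:
            records.append({"seq": seq, "raw": raw.hex(), "src": str(pkt["src"]), "dst": str(pkt["dst"]),
                            "rule_id": hit.rule_id, "action": hit.action, "indicator": hit.indicator})
        if hit is None or hit.action != "drop":
            forwarded.append(raw)
    return records, forwarded


def write_capture_file(records):
    """Capture file as JSON Lines (a format chosen for this example, not by the patent):
    one line per captured packet carrying its raw content and threat context."""
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in records)


# Constructed traffic crossing the boundary: a C2 beacon, a phishing request,
# a probe from the scanner range, and one benign request.
SAMPLE_PACKETS = [
    build_ipv4_packet("10.0.0.5", "203.0.113.10", 6, b"GET /beacon HTTP/1.1\r\nHost: c2.example\r\n\r\n"),
    build_ipv4_packet("10.0.0.6", "192.0.2.7", 6, b"GET /login HTTP/1.1\r\nHost: Bad.Example\r\n\r\n"),
    build_ipv4_packet("198.51.100.77", "10.0.0.5", 6, b"\x00\x00"),
    build_ipv4_packet("10.0.0.5", "192.0.2.50", 6, b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
]

if __name__ == "__main__":
    rules = generate_rules(combine_indicators(PROVIDER_FEEDS))
    records, forwarded = process_packets(SAMPLE_PACKETS, rules)
    print(write_capture_file(records), end="")
    print(f"{len(records)} captured, {len(forwarded)} forwarded")
```

Two design points worth noting. First, combining happens before rule generation, so an indicator that two providers report yields one rule whose context lists both providers and both labels, rather than two rules that fire on the same packet. Second, every record carries the raw bytes and the rule/indicator that matched, which is what lets an analyst go from a capture line straight back to the intelligence that justified it; a plain pcap would lose that link.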