International Business Machines Corporation
Intelligent security context aware elastic storage

Abstract:

A method, apparatus and computer program product for selectively storing network traffic data are described. Network traffic is stored according to a first packet filtering policy in a first repository. The stored network traffic is scanned in the first repository according to a second packet filtering policy to identify a subset of network traffic for archiving. The subset of network traffic identified by the second packet filtering policy consists of forensically interesting packets concerning a security issue. The identified subset of network traffic from the first repository is then stored in a second repository.

Status:

Grant

Type:

Utility

Filing date:

25 Jan 2016

Issue date:

24 Aug 2021