Large-Scale Indicator Caches Built using Analysis Pipeline and the Elastic Stack

Abstract

Indicator caches make it quick and easy to detect the presence of specific indicators, such as IPs or domain names, in flow traffic, and to later associate those cache records with the full flow data, avoiding expensive searches of the full repository. We tested an indicator cache system capable of processing 40 billion records/day.
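The following toy models the concept the abstract describes: flow records are indexed once against a watchlist, the cache stores only which time partitions of the repository contain each indicator, and a later investigation opens just those partitions instead of scanning everything. It is an added illustration, not code from the report; the real system is built on Analysis Pipeline and the Elastic Stack, whose interfaces are not modelled here. The flow records, the watchlist, the hourly partitioning and all function names (`build_cache`, `partition_repo`, `lookup`) are constructed for this example.

```python
"""Toy indicator cache: remember which hourly flow partitions contain a
watchlisted IP or domain, so later lookups open only those partitions.
Illustrative example only; not the report's implementation."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

HOUR = 3600
BASE = 1_699_999_200  # an hour boundary (epoch seconds); constructed

# Constructed watchlist: documentation-range addresses and a reserved domain.
WATCHLIST = {
    "ip": {"198.51.100.7", "203.0.113.9"},
    "domain": {"bad.example"},
}


@dataclass(frozen=True)
class Flow:
    ts: int            # flow start, epoch seconds
    sip: str           # source IP
    dip: str           # destination IP
    dport: int         # destination port
    domain: Optional[str] = None  # queried name when the flow is DNS, else None


# Constructed sample flows spread over four hourly partitions.
FLOWS = [
    Flow(BASE + 10, "10.0.0.5", "198.51.100.7", 443),                      # hour 0, IP hit
    Flow(BASE + 20, "10.0.0.6", "192.0.2.44", 80),                         # hour 0
    Flow(BASE + HOUR + 5, "10.0.0.7", "192.0.2.45", 53, "bad.example"),    # hour 1, domain hit
    Flow(BASE + 2 * HOUR + 30, "10.0.0.5", "192.0.2.46", 443),             # hour 2
    Flow(BASE + 3 * HOUR + 1, "198.51.100.7", "10.0.0.9", 22),             # hour 3, IP hit
    Flow(BASE + 3 * HOUR + 2, "10.0.0.9", "192.0.2.47", 443),              # hour 3
]

CacheKey = Tuple[str, str]  # (indicator type, indicator value)


def partition_key(ts: int) -> int:
    """Hourly bucket the full-flow repository is partitioned by."""
    return ts - ts % HOUR


def partition_repo(flows: List[Flow]) -> Dict[int, List[Flow]]:
    """Stand-in for the full flow repository: partition -> all flows in it."""
    repo: Dict[int, List[Flow]] = defaultdict(list)
    for f in flows:
        repo[partition_key(f.ts)].append(f)
    return dict(repo)


def build_cache(flows: List[Flow], watchlist: Dict[str, Set[str]]) -> Dict[CacheKey, Set[int]]:
    """Single streaming pass: for every watchlisted indicator seen in a flow,
    record the partition it was seen in. The cache never stores the flow itself."""
    cache: Dict[CacheKey, Set[int]] = defaultdict(set)
    for f in flows:
        pk = partition_key(f.ts)
        for ip in (f.sip, f.dip):
            if ip in watchlist["ip"]:
                cache[("ip", ip)].add(pk)
        if f.domain is not None and f.domain in watchlist["domain"]:
            cache[("domain", f.domain)].add(pk)
    return dict(cache)


def lookup(cache: Dict[CacheKey, Set[int]], repo: Dict[int, List[Flow]],
           kind: str, indicator: str) -> Tuple[List[Flow], int]:
    """Return the full flow records for an indicator plus the number of
    partitions that had to be opened; partitions without a cache hit are skipped."""
    partitions = cache.get((kind, indicator), set())
    hits: List[Flow] = []
    for pk in sorted(partitions):
        for f in repo.get(pk, []):
            if indicator in (f.sip, f.dip, f.domain):
                hits.append(f)
    return hits, len(partitions)


if __name__ == "__main__":
    cache = build_cache(FLOWS, WATCHLIST)
    repo = partition_repo(FLOWS)
    for kind, value in (("ip", "198.51.100.7"), ("domain", "bad.example"), ("ip", "203.0.113.9")):
        hits, opened = lookup(cache, repo, kind, value)
        print(f"{kind}={value}: {len(hits)} flows, opened {opened} of {len(repo)} partitions")
```

The cache holds only (indicator, partition) pairs, so it stays small even when the repository is enormous; the cost of a miss is one dictionary lookup, and the cost of a hit is bounded by the partitions actually named in the cache rather than by the size of the repository. An indicator that was never seen (`203.0.113.9` above) opens nothing at all.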

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2020
Accession Number
AD1088927

Entities

People

  • Anusha Sinha
  • Dillon Lareau

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Flowmeters
  • Indicators
  • Inspection
  • Pipelines
  • Storage

Readers

  • Cybersecurity
  • Library and Information Science
  • Parallel and Distributed Computing