Accession Number:

AD1088927

Title:

Large-Scale Indicator Caches Built using Analysis Pipeline and the Elastic Stack

Descriptive Note:

Conference Paper

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Personal Author(s):

Report Date:

2020-01-01

Pagination or Media Count:

1.0

Abstract:

Indicator caches make it quick and easy to find the presence of specific indicators such as IPs or domain names in flow traffic and later associate those cache records with full flow data to avoid expensive searches of the full repository. We tested an indicator cache system capable of processing 40 billion records/day.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE