New Advanced Filter Scripts for Savvius Capture Engine
Filters, Events and Summary Statistics are all very powerful features of the Savvius Capture Engine. How great would it be if you could create your own events and summary statistics using filters?! Well, now you can do just that. With a new extension for the Savvius Capture Engine, you can perform deep packet inspection of layers 1-7 and generate custom events and statistics from that data.
Some examples include tracking HTTP errors, SSL versions, DNS questions, usernames, filenames, passwords, etc. The list of possibilities is virtually infinite. This extension builds on the standard filters and the advanced filter layout editor to create and manage Filter Scripts. Filter Scripts are advanced filters with special options that specify what data is extracted from the packet and what to do with that data, namely create custom Events and/or Summary Statistics.
With Filter Scripts, Events and Summary Statistics are even more powerful because the title text and the data can be customized. The two are similar in that both are generated for each packet that satisfies the conditions of the filter. However, there are some major differences between them as well:
- Events can result in an email, a text, or some other type of notification.
- Events are timestamped and do not affect each other.
- Summary Statistics change over time as each filter gets triggered and can also be graphed and alarmed.
- Both Events and Statistics can be exported at a custom interval for use in other longer-term reporting and analysis tools, like Splunk.