Abstract: A method, apparatus and computer program product for selectively storing network traffic data are described. Network traffic is stored according to a first packet filtering policy in a first repository. The stored network traffic is scanned in the first repository according to a second packet filtering policy to identify a subset of network traffic for archiving. The identified subset of network traffic identified by the second packet filtering policy are forensically interesting packets concerning a security issue. The identified subset of network traffic from the first repository is then stored in a second repository.

Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.

Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.

Abstract: Methods, systems, devices and computer program code products for enabling searches of digital communications network traffic to identify information transmitted by, received by, or exchanged with a given human or non-human entity, include, or include elements for, translating Pcap files or streams of IP network packets obtained from the network into a scalable form suitable for query by search engine functionality, thereby to enable scalable, text-based search of network information contained in the Pcap files, and providing scalable search engine functionality to enable a user to execute text-based searches on textual or human relationship-identifying information derived from the Pcap files or streams of IP network packets, thereby to identify information transmitted by, received by, or exchanged with the given human or non-human entity, wherein the scalable search engine functionality is capable of scaling to search massive quantities of Pcap file or IP network packet data.

Abstract: Methods, systems, devices and computer program code products for enabling searches of digital communications network traffic to identify information transmitted by, received by, or exchanged with a given human or non-human entity, include, or include elements for, translating Pcap files or streams of IP network packets obtained from the network into a scalable form suitable for query by search engine functionality, thereby to enable scalable, text-based search of network information contained in the Pcap files, and providing scalable search engine functionality to enable a user to execute text-based searches on textual or human relationship-identifying information derived from the Pcap files or streams of IP network packets, thereby to identify information transmitted by, received by, or exchanged with the given human or non-human entity, wherein the scalable search engine functionality is capable of scaling to search massive quantities of Pcap file or IP network packet data.

Abstract: Network vulnerability testing methods, systems, devices, appliances and software products generate stateful and stateless network representative of network threats. The traffic is applied to a network or device under test, thereby to test the vulnerability of the network or device to threats. A graphical user interface, which does not require a programming or scripting language can be used to generate an intermediate descriptive format that can in turn be used to generate stateful or stateless threat signatures. By using the intermediate descriptive form, threats can be generated under the control of the graphical user interface and in accordance with stored threat signatures, without the need for a programming or scripting language.

Abstract: A protocol sleuthing system according to the present invention for load testing a network server includes a computer configured to interconnect with the network server, a protocol engine stored in and implemented by the computer and operative to generate a plurality of synthetic users, to generate a synthetic transaction in accordance with a specified protocol, and to cause each of the plurality of synthetic users to sequentially implement a plurality of the synthetic transactions with the network sever for load testing thereof, a configuration file connected to the protocol engine that includes variables required to generate the synthetic transaction, information that defines the behavior of the plurality of synthetic users implementing the synthetic transaction, and information that defines the number of synthetic users to be created by the protocol engine, and a module that is operative to monitor each of the plurality of synthetic transactions implemented by each of the plurality of synthetic users with t