Main claim
1. A network security breach detection system comprising:
a real-time path including a real-time analysis engine configured to receive first event data indicative of first activity on a computer network, the real-time event analysis engine configured to detect, in real time, first indicia of possible security breaches based on the first event data, and to generate, in real-time, analysis result data representing the first indicia for output to a user;
a non-volatile storage system to store the real-time analysis result data; and
a batch path including a batch analysis engine configured to operate concurrently with the real-time analysis engine, the batch analysis engine further configured to retrieve, from the non-volatile storage system, the real-time analysis result data and second event data indicative of second activity on the computer network, the second event data having been stored in the non-volatile storage system prior to analysis of the first event data by the real-time analysis engine, the batch analysis engine further configured to detect, in a batch mode, second indicia of possible security breaches based on the second event data and the real-time analysis result data.