
Sankey

This is an active Sankey Diagram of information flowing through the system.

On the left side of the diagram is information entering the system.

Metaflow Engine data comes from the Fluency protocol analyzer, which adds flow data to fill in the gaps missed by the security tools. The boxes below it are data sources that provide messages.

The following steps are taken for incoming messages:

  1. The information is forwarded to the stream INPUT.
  2. The message collector (stream INPUT) examines the message and sends it to the correct parser.
  3. The parsers
    1. normalize the data into key-value fields, producing a JSON document, and
    2. define which fields are sensitive and replace their values with a pseudonym.
  4. The record and method of data collection are
    1. placed in the Event Database and
    2. sent to the Fusion engine.
  5. The Fusion engine
    1. enhances the record with table and third-party lookups and
    2. merges the record with other records that share the same network tuple.
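
The parse, pseudonymize and fuse steps above, sketched as an added example (not Fluency's own code). The `k=v` message format, the field names, the HMAC-based pseudonym and the lookup table are all assumptions made for illustration; the Event Database write is not modelled.

```python
import hashlib
import hmac
import json

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: a secret held by the parser tier
SENSITIVE_FIELDS = {"user"}              # assumption: fields a parser marks as sensitive
TUPLE_FIELDS = ("src", "sport", "dst", "dport", "proto")

def pseudonymize(value):
    """Keyed, deterministic pseudonym: equal inputs give equal tokens, so records still correlate."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()
    return "pseu_" + digest[:16]

def parse(line, source):
    """Normalize a 'k=v k=v' message into key-value fields and mask sensitive values."""
    record = dict(pair.split("=", 1) for pair in line.split())
    for field in record.keys() & SENSITIVE_FIELDS:
        record[field] = pseudonymize(record[field])
    record["collected_by"] = source  # keep the method of data collection with the record
    return record

def fuse(records, lookup):
    """Enrich each record from a lookup table, then merge records sharing a network tuple."""
    merged = {}
    for rec in records:
        rec = dict(rec, dst_label=lookup.get(rec["dst"], "unknown"))
        key = tuple(rec[f] for f in TUPLE_FIELDS)
        entry = merged.setdefault(key, {"sources": []})
        entry["sources"].append(rec.pop("collected_by"))
        entry.update(rec)  # later sources fill in fields earlier ones lacked
    return merged

# Constructed sample messages: a firewall log and a flow record for the same connection.
FIREWALL = "src=10.0.0.5 sport=51514 dst=203.0.113.9 dport=443 proto=tcp user=alice action=allow"
FLOW = "src=10.0.0.5 sport=51514 dst=203.0.113.9 dport=443 proto=tcp bytes=48211"
LOOKUP = {"203.0.113.9": "constructed-watchlist"}  # constructed lookup table

def run_demo():
    records = [parse(FIREWALL, "firewall"), parse(FLOW, "metaflow")]
    return fuse(records, LOOKUP)

if __name__ == "__main__":
    print(json.dumps(list(run_demo().values()), indent=2))
```

Because the pseudonym is keyed and deterministic, the same user maps to the same token across sources, so merged records remain searchable without exposing the original value.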