Video 1

Traffic Monitor Architecture and Technologies

Overview of Traffic Monitor System Architecture

  • The backend of the Traffic Monitor system defines the event flow from the network interface (ETX1 or ETX0) to database storage.
  • Events are initially captured by components such as IV Sniffer, IV ICP, IV SMTPD, or IV API, which convert them into an internal format for further analysis.
  • The IV Sniffer component processes data from SPAN ports for protocols such as SMTP, HTTP, POP3, and IMAP; ICQ is noted as obsolete and is not discussed further.

Data Processing Flow

  • Events from the POP3 and NRPC protocols are passed to the IVM component by IV Capsttia; SMTP and HTTP events are sent to IV Proxy for further processing.
  • The IV SMTPD component handles incoming email messages from mail servers, working together with the IVM and IV Deliver components.
  • After analysis, IVM forwards allowed SMTP emails to the mail delivery system; emails whose delivery was initially blocked but later approved by a security officer are sent via IV Deliver.

Data Extraction and Analysis

  • Components such as IV Warp extract data from containers inside intercepted objects; the subsequent content analysis is performed by the IVC content analysis server.
  • Policies are then applied through the various technologies installed in the system, after which the object's attributes are finalized and protection measures are applied via the IV Pass component.

Final Data Handling

  • Information is standardized across the different interceptors/extractors before being sent to the databases as XML + DAT files, which are processed by the IV XDB component.
  • Additional components include IVAT, which loads configuration from the databases, and IV Adelbitum, which retrieves user data from Active Directory.