Technologies that collect, monitor, and/or analyze network traffic can be useful in searching for and identifying cyber security threats. However, the threat detection capability of network security systems can depend on the quality of captured data (e.g., network traffic) that is available for analysis. Some existing cyber-security technologies capture and process a network stream as a whole. However, a network stream can include vast quantities of data, and much of this data is not essential to successful detection and analysis of cyber threats. Sophisticated filtering schemes utilize a large amount of processing power and are generally cost-prohibitive to implement.