System, apparatus and method for prioritizing the storage of content based on a threat index

US10521358B2 · US · B2

Patent metadata

Publication number: US-10521358-B2
Application number: US-201514743892-A
Country: US
Kind code: B2
Filing date: Jun 18, 2015
Priority date: Jun 20, 2014
Publication date: Dec 31, 2019
Grant date: Dec 31, 2019

Abstract

Official abstract text for this publication.

A network sensor that features a data store and a packet processing engine. Communicatively coupled to the data store, the packet processing engine is configured to (i) generate a retention priority for at least a first flow within a first storage region of a plurality of storage regions and (ii) identify, in response to an eviction request, the priority of each of the plurality of storage regions. The priority of the first storage region is partially based on the retention priority associated with the first flow while the priority of a second storage region is based on retention priorities associated with flows stored within the second storage region. The packet processing engine also is configured to identify, through use of the retention priorities of the stored flows within the first storage region, which flows are to be retained and which flows are to be evicted.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for controlling eviction for improved detection of malware, comprising: generating a retention priority for each flow of a plurality of flows stored within each of a plurality of storage blocks within a memory device, wherein each of the plurality of flows comprises information obtained from a plurality of related packets received over a network and each retention priority represents a value signifying a likelihood of a corresponding stored flow of the plurality of flows including data for use in identifying particulars associated with a malicious event that is part of a network breach to assist in remediation; in response to an eviction request upon determining that a storage capacity of the plurality of storage blocks exceeds a predetermined storage capacity level, identifying a block priority for each of the plurality of storage blocks, a block priority of a first storage block of the plurality of storage blocks being based on one or more retention priorities each associated with one of a first plurality of flows stored within the first storage block and a block priority of a second storage block of the plurality of storage blocks being based on one or more retention priorities each associated with one of a second plurality of flows stored within the second storage block, the block priority for each of the plurality of storage blocks identifying an order of eviction for the plurality of storage blocks, where at least the first storage block, having a lower block priority than the block priority of the second storage block, is to be evicted while the second storage block is retained; and using retention priorities of the first plurality of flows stored within the first storage block to identify one or more flows of the first plurality of flows to be retained and copied to one of the plurality of storage blocks other than the first storage block.

2. The method of claim 1, wherein a retention priority of a first flow of the first plurality of flows stored within the first storage block is based on a particular node that is a source of the first flow and the retention priority is generated in accordance with one or more rules processed by storage priority policy logic.

3. The method of claim 1, wherein a retention priority of a first flow of the first plurality of flows stored within the first storage block is based on a destination of the first flow stored within the first storage block.

4. The method of claim 3, wherein the retention priority of the first flow is a value that identifies a likelihood that an attribute of the first flow is associated with the malicious event prior to storage as part of the first storage block.

5. The method of claim 1 further comprising: copying the one or more flows to be retained within the first storage block and retention priorities associated with the one or more flows to the second storage block prior to reclaiming storage space in the memory device associated with the first storage block.

6. The method of claim 1, wherein the eviction request identifies a retention priority level being used by a storage priority policy logic of the memory device to determine the one or more flows of the first plurality of flows exceeding the retention priority level are to be retained and whether any of the first plurality of flows with retention priorities falling below the retention priority level are subject to eviction.

7. The method of claim 1 further comprising computing the block priority for each of the plurality of storage blocks based on retention priorities of one or more flows within each of the plurality of storage blocks, the block priority for each of the plurality of storage blocks comprises (i) the block priority of the first storage block based on retention priorities of the first plurality of flows stored within the first storage block and (ii) the block priority of the second storage block based on retention priorities of the second plurality of flows stored within the second storage block, wherein the block priority of the first storage block being less than the block priority of the second storage block to identify the first storage block being evicted prior to the second storage block.

8. The method of claim 1, wherein the block priority of the first storage block and the block priority of the second storage block are retained in a priority map.

9. The method of claim 1, wherein the data associated with each of the plurality of flows further assisting assist in remediation of the malware responsible for the network breach.

10. A method comprising: generating a retention priority for each of one or more flows associated with a first storage block of a memory device, wherein each flow of the one or more flows comprises information obtained from a plurality of related packets received over a network; generating a block priority for each of a plurality of storage blocks, a block priority of a first storage block of the plurality of storage blocks is based on retention priorities associated with the one or more flows stored within the first storage block and a block priority of a second storage block of the plurality of storage blocks is based on retention priorities associated with one or more flows stored within the second storage block, the block priority for each of the plurality of storage blocks identifying an order of eviction for the plurality of storage blocks; and in response to an eviction request initiated when a storage capacity of the plurality of storage blocks exceeds a predetermined storage capacity level, evicting the first storage block and retaining the second storage block when the block priority of the first storage block is less than the block priority of the second storage block, wherein each of the retention priorities associated with the one or more flows stored within the first storage block represents a value signifying a likelihood of a corresponding flow of the one or more flows includes data for use in identifying particulars associated with a malicious event that is part of a network breach.

11. The method of claim 10, wherein the evicting of the first block includes reclaiming a physical storage associated with the first storage block by enabling the physical storage to be overwritten.

12. The method of claim 10, wherein a retention priority of a first flow of the one or more flows stored within the first storage block is based on either (i) a particular node that is a source of the first flow or (ii) a destination of the first flow stored within the first storage block.

13. A network sensor for detection of malware, comprising: a data store that is to store (i) a plurality of threat index values including a threat index value for each flow attribute associated with a plurality of related objects corresponding to a first flow, the plurality of threat index values for use in generating retention priorities for a plurality of flows including the first flow where each retention priority of the retention priorities being a value representing whether information associated with a flow of the plurality of flows corresponding to the retention priority has a higher probability of including particulars associated with a malicious event that is part of a network breach; a hardware processor to (i) generate a retention priority for at least the first flow within a first storage block of a plurality of storage blocks, (ii) identify, in response to an eviction request initiated when a storage capacity of the plurality of storage blocks exceeds a predetermined storage capacity level, a block priority for each of the plurality of storage blocks in which a block priorit
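
The eviction scheme of claims 1, 5, 6, 10 and 13 (threat-index values per flow attribute feed a per-flow retention priority; each storage block takes a block priority from its flows; on an eviction request the lowest-priority block is reclaimed after its flows above the retention level are copied elsewhere) as an added worked example in Python, not code from the patent or its assignees. The threat-index table, the sample flows, and the two combining rules (max over attributes, max over flows) are assumptions; the claims only say the priorities are "based on" those values.

```python
from dataclasses import dataclass, field

# Constructed threat-index table (assumption): flow attribute value -> index in [0, 1].
THREAT_INDEX = {
    "src:10.0.0.5": 0.9, "dst:203.0.113.7": 0.6,
    "src:10.0.0.8": 0.1, "dst:198.51.100.2": 0.2,
}

@dataclass
class Flow:
    flow_id: str
    attributes: tuple            # e.g. ("src:10.0.0.5", "dst:198.51.100.2")
    retention_priority: float = 0.0

@dataclass
class Block:
    block_id: int
    flows: list = field(default_factory=list)

def retention_priority(flow):
    # Assumed combining rule: a flow inherits the highest threat index of its attributes.
    return max(THREAT_INDEX.get(a, 0.0) for a in flow.attributes)

def block_priority(block):
    # Assumed combining rule: a block ranks by its most valuable flow; empty blocks rank lowest.
    return max((f.retention_priority for f in block.flows), default=-1.0)

def evict(blocks, capacity_limit, retention_level):
    """Serve one eviction request. Returns (evicted_block_id, retained_flow_ids),
    or None when capacity is not exceeded (no request is raised)."""
    if len(blocks) < 2 or sum(len(b.flows) for b in blocks) <= capacity_limit:
        return None
    for b in blocks:
        for f in b.flows:
            f.retention_priority = retention_priority(f)
    order = sorted(blocks, key=block_priority)   # the priority map, lowest block first
    victim, target = order[0], order[-1]
    keep = [f for f in victim.flows if f.retention_priority > retention_level]
    target.flows.extend(keep)    # copy flows above the retention level before reclaiming
    victim.flows.clear()         # the victim's storage may now be overwritten
    return victim.block_id, [f.flow_id for f in keep]

def build_sample():
    """Two blocks of constructed flows; block 1 ranks lower because its best flow scores 0.6."""
    return [
        Block(0, [Flow("A", ("src:10.0.0.5", "dst:198.51.100.2")),
                  Flow("B", ("src:10.0.0.8", "dst:198.51.100.2"))]),
        Block(1, [Flow("C", ("src:10.0.0.8", "dst:203.0.113.7")),
                  Flow("D", ("src:10.0.0.8", "dst:198.51.100.2"))]),
    ]
```

With `evict(build_sample(), 3, 0.5)` block 1 is reclaimed, flow C (priority 0.6) survives by being copied into block 0, and flow D (priority 0.2) is dropped; a second call returns None because capacity is no longer exceeded.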

Assignees

Niara Inc, Hewlett Packard Entpr Dev Lp

Classifications

  • relying on flow classification, e.g. using integrated services [IntServ] (CPC title)

  • G06F12/121 (Primary): using replacement algorithms (CPC title)

  • Traffic logging, e.g. anomaly detection (CPC title)

  • G06F21/552 (Primary): involving long-term monitoring or reporting (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10521358B2 cover?
A network sensor that features a data store and a packet processing engine. Communicatively coupled to the data store, the packet processing engine is configured to (i) generate a retention priority for at least a first flow within a first storage region of a plurality of storage regions and (ii) identify, in response to an eviction request, the priority of each of the plurality of storage regi…
Who is the assignee on this patent?
Niara Inc, Hewlett Packard Entpr Dev Lp
What technology area does this patent fall under?
Primary CPC classification G06F12/121. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 31, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).