Publication No.: US20240356958A1
Publication Date: 2024-10-24
Application No.: US18453960
Filing Date: 2023-08-22
Applicant: Cisco Technology, Inc.
Inventor: Tomas Jirsik, Cenek Skarda, David Sislak, Tomas Kuthan
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/1425
Abstract: This disclosure describes techniques for mapping local device identifiers used in monitoring data from different sources to a common global identifier to enable correlation of monitoring events related to the same device. The techniques can be used in the context of an Extended Detection and Response (XDR) system architecture for advanced threat detection and response in a computer system. In some cases, the XDR system ingests security data from various monitoring components like Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewall engines, and email security systems.