EVENT-BASED THREAT DETECTION WITH WEAK LEARNER MODELS DATA SIGNAL AGGREGATION

    Publication number: US20240356935A1

    Publication date: 2024-10-24

    Application number: US18237282

    Application date: 2023-08-23

    CPC classification number: H04L63/1416

    Abstract: Techniques for identifying malicious threats for investigation using network telemetry data. The techniques include the use of weak learner models to analyze data from multiple event sources. The techniques further include aggregating data signals from the weak learner models to generate a high-fidelity data signal of threat sources. The aggregated data signal can be sent to a Security Operation Center to provide a list of nodes with a high likelihood of malicious threats along with convicting evidence to aid in investigating the identified nodes.
