CROSS-PRODUCT ALERT RISK SCORE ASSIGNER FOR EXTENDED DETECTION AND RESPONSE (XDR) SYSTEMS

    Publication (announcement) number: US20240356936A1

    Publication (announcement) date: 2024-10-24

    Application number: US18368413

    Application date: 2023-09-14

    CPC classification number: H04L63/1416 H04L63/1433

    Abstract: Techniques and architecture are described for dynamically assigning a final risk score to security alerts from network devices. A first security alert from a first network device and a second security alert from a second network device are received. The first and second security alerts are generated by different security products. The first security alert and the second security alert are evaluated, using, for example, device risk scores and alert risk scores, and based at least in part on the evaluating (i) a first final risk score related to the first security alert and (ii) a second final risk score related to the second security alert are generated. The first and second final risk scores are provided to a prioritized alert queue, wherein the first security alert and the second security alert are prioritized based on values of the first final risk score and the second final risk score.
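    The abstract above describes combining a per-device risk score with a per-alert risk score into one final score that orders a cross-product alert queue. The following is an added illustration of that idea, written for this page; it is not code from the patent or its applicant. The 40/60 weighting, the per-product severity vocabularies, the device risk table and the sample alerts are all constructed assumptions; the patent text does not specify a formula.

```python
"""Cross-product alert risk scoring with a prioritized alert queue (added example)."""
from dataclasses import dataclass
import heapq
import itertools

# Constructed per-device risk scores (0-100), as an asset inventory might supply them.
DEVICE_RISK = {
    "dc01.corp.example": 95,   # domain controller
    "db-prod-3": 80,           # production database host
    "laptop-jdoe": 35,         # ordinary user endpoint
    "kiosk-lobby": 10,         # isolated, low-value device
}

# Constructed per-product severity vocabularies, each normalised to a 0-100 alert risk.
# Different products use different scales, so normalisation happens before scoring.
SEVERITY_MAPS = {
    "edr":   {"low": 20, "medium": 50, "high": 80, "critical": 100},
    "ids":   {"1": 10, "2": 30, "3": 60, "4": 90},   # numeric priority, 4 is highest
    "email": {"spam": 5, "phish": 60, "malware": 90},
}

NEUTRAL = 50  # score used when a product, severity or device is unknown


@dataclass
class Alert:
    product: str
    device: str
    severity: str
    description: str


def alert_risk(alert: Alert) -> int:
    """Normalised alert risk; unknown vocabularies score neutral rather than being dropped."""
    return SEVERITY_MAPS.get(alert.product, {}).get(alert.severity, NEUTRAL)


def device_risk(alert: Alert) -> int:
    """Risk of the device the alert concerns; unknown devices score neutral."""
    return DEVICE_RISK.get(alert.device, NEUTRAL)


def final_risk(alert: Alert, w_device: float = 0.4, w_alert: float = 0.6) -> float:
    """Weighted combination of device and alert risk (assumed weighting, not the patent's)."""
    return round(w_device * device_risk(alert) + w_alert * alert_risk(alert), 1)


class PrioritizedAlertQueue:
    """Max-priority queue keyed on final risk; equal scores are served first-in first-out."""

    def __init__(self):
        self._heap = []
        self._order = itertools.count()   # tie-breaker so Alert objects are never compared

    def push(self, alert: Alert) -> None:
        score = final_risk(alert)
        heapq.heappush(self._heap, (-score, next(self._order), score, alert))

    def pop(self):
        _, _, score, alert = heapq.heappop(self._heap)
        return score, alert

    def __len__(self) -> int:
        return len(self._heap)


def triage(alerts):
    """Return (final_score, alert) pairs in the order an analyst should work them."""
    queue = PrioritizedAlertQueue()
    for alert in alerts:
        queue.push(alert)
    return [queue.pop() for _ in range(len(queue))]


# Constructed sample alerts from four different security products.
SAMPLE_ALERTS = [
    Alert("edr", "laptop-jdoe", "critical", "credential dumping tool executed"),
    Alert("ids", "dc01.corp.example", "2", "suspicious LDAP enumeration"),
    Alert("email", "kiosk-lobby", "phish", "phishing link clicked"),
    Alert("edr", "db-prod-3", "medium", "unsigned binary loaded"),
    Alert("firewall", "db-prod-3", "sev9", "product with no severity mapping yet"),
]

if __name__ == "__main__":
    for score, alert in triage(SAMPLE_ALERTS):
        print(f"{score:5.1f}  {alert.product:8s} {alert.device:18s} {alert.description}")
```

Note how the device term pulls a low-severity IDS alert on the domain controller above the phishing click on the lobby kiosk, while a product the queue has never seen still gets a neutral score instead of vanishing; both behaviours are what you want before this is trusted to order an analyst's work.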

    TRACKING COMPUTER DEVICES IN EXTENDED DETECTION AND RESPONSE SYSTEMS

    Publication (announcement) number: US20240356958A1

    Publication (announcement) date: 2024-10-24

    Application number: US18453960

    Application date: 2023-08-22

    CPC classification number: H04L63/1433 H04L63/1425

    Abstract: This disclosure describes techniques for mapping local device identifiers used in monitoring data from different sources to a common global identifier to enable correlation of monitoring events related to the same device. The techniques can be used in the context of an Extended Detection and Response (XDR) system architecture for advanced threat detection and response in a computer system. In some cases, the XDR system ingests security data from various monitoring components like Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewall engines, and email security systems.

    ASYNCHRONOUS DATA PROCESSING IN EXTENDED DETECTION AND RESPONSE SYSTEMS

    Publication (announcement) number: US20240356949A1

    Publication (announcement) date: 2024-10-24

    Application number: US18454553

    Application date: 2023-08-23

    CPC classification number: H04L63/1425 H04L43/067 H04L63/20

    Abstract: This disclosure describes techniques for mapping local device identifiers used in monitoring data from different sources to a common global identifier to enable correlation of monitoring events related to the same device. The techniques can be used in the context of an Extended Detection and Response (XDR) system architecture for advanced threat detection and response in a computer system. In some cases, the XDR system ingests security data from various monitoring components like Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewall engines, and email security systems.
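    The abstracts of the two preceding entries (the same text appears under both) describe mapping the local device identifiers used by EDR, IDS, firewall and email-security sources onto a common global identifier so that events about one device can be correlated. The block below is an added illustration of one way to do that, written for this page; it is not the patent's or the applicant's code. Its union-find approach, the choice of MAC, FQDN and agent ID as linking keys, the exclusion of IP addresses, and every source name, identifier and event line are constructed assumptions.

```python
"""Resolve per-product local device identifiers to one global device ID (added example)."""
from collections import defaultdict
import uuid

# Attributes strong enough to assert "same device" across sources (assumed choice).
# IP addresses are deliberately not linking keys: DHCP leases move between hosts, so
# the IP the IDS saw and the same IP the EDR reports later may be two different devices.
STRONG_KEYS = ("mac", "fqdn", "agent_id")


class DeviceResolver:
    """Union-find over ("id", source, local_id) keys and ("attr", name, value) keys."""

    def __init__(self):
        self._parent = {}

    def _find(self, key):
        self._parent.setdefault(key, key)
        root = key
        while self._parent[root] != root:
            root = self._parent[root]
        while self._parent[key] != root:          # path compression
            nxt = self._parent[key]
            self._parent[key] = root
            key = nxt
        return root

    def _union(self, a, b):
        ra, rb = self._find(a), self._find(b)
        if ra == rb:
            return
        # The lexically smaller root survives, so a set's root is always its minimum
        # key and the derived global ID does not depend on ingest order.
        if rb < ra:
            ra, rb = rb, ra
        self._parent[rb] = ra

    def observe(self, source, local_id, attrs):
        """Record that `source` refers to some device as `local_id` and reported `attrs`."""
        id_key = ("id", source, local_id)
        self._find(id_key)                        # register even if no strong attrs
        for name in STRONG_KEYS:
            value = attrs.get(name)
            if value:
                self._union(id_key, ("attr", name, value.lower()))

    def global_id(self, source, local_id):
        """Stable global identifier: a UUIDv5 of the set's root key."""
        root = self._find(("id", source, local_id))
        return str(uuid.uuid5(uuid.NAMESPACE_OID, "|".join(root)))


def correlate(resolver, events):
    """Group raw monitoring events by the global device they concern."""
    timeline = defaultdict(list)
    for source, local_id, message in events:
        timeline[resolver.global_id(source, local_id)].append(f"[{source}] {message}")
    return timeline


# Constructed observations: (source, local identifier, attributes that source reported).
# The last IDS entry reuses 10.0.5.23 with a different MAC: a lease handed to another host.
OBSERVATIONS = [
    ("edr", "edr-agent-7f3a", {"mac": "AA:BB:CC:DD:EE:01", "fqdn": "laptop-jdoe.corp.example", "ip": "10.0.5.23"}),
    ("ids", "ids-h-1182", {"mac": "aa:bb:cc:dd:ee:01", "ip": "10.0.5.23"}),
    ("firewall", "fw-host-0419", {"fqdn": "laptop-jdoe.corp.example"}),
    ("email", "mua-3c9e", {"fqdn": "LAPTOP-JDOE.corp.example"}),
    ("edr", "edr-agent-91c0", {"mac": "aa:bb:cc:dd:ee:02", "fqdn": "db-prod-3.corp.example"}),
    ("ids", "ids-h-1190", {"mac": "aa:bb:cc:dd:ee:03", "ip": "10.0.5.23"}),
]

# Constructed events, each carrying only the emitting product's local identifier.
EVENTS = [
    ("edr", "edr-agent-7f3a", "lsass.exe memory read by procdump.exe"),
    ("ids", "ids-h-1182", "Kerberos TGS request burst towards dc01"),
    ("firewall", "fw-host-0419", "outbound 443 to newly registered domain"),
    ("email", "mua-3c9e", "attachment detonated: macro dropper"),
    ("edr", "edr-agent-91c0", "unsigned binary loaded"),
    ("ids", "ids-h-1190", "SMB scan of 10.0.5.0/24"),
]


def build_resolver(observations=OBSERVATIONS):
    resolver = DeviceResolver()
    for source, local_id, attrs in observations:
        resolver.observe(source, local_id, attrs)
    return resolver


if __name__ == "__main__":
    resolver = build_resolver()
    for gid, messages in correlate(resolver, EVENTS).items():
        print(gid)
        for message in messages:
            print("   ", message)
```

With these inputs the four events from four products collapse onto one laptop, the database host stays separate, and the later IDS host that inherited the laptop's IP is kept apart rather than merged into its history; the identifiers are also the same whichever source is ingested first.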
