Publication number: US20240356957A1
Publication date: 2024-10-24
Application number: US18373765
Application date: 2023-09-27
Applicant: Cisco Technology, Inc.
Inventor: Lukas Bajer, Pavel Prochazka, Michal Mares
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/1425
Abstract: Techniques for identifying malicious threats for investigation using network telemetry data. The techniques include receiving network telemetry data regarding a computer network and also receiving information regarding one or more known malicious nodes, which are designated as seeds. A Risk Map Graph (RMG) is constructed using the one or more seeds and the relationship data. The RMG is used to assign risk scores to the network nodes. Data regarding the most at-risk nodes is sent to a security service for investigation. Data is received from the security service as to which of the selected nodes are malicious. These malicious nodes are designated as new seeds, and another RMG is constructed with these new seed nodes. This process can be iterated continuously until either the security budget has been reached or all relevant nodes have been investigated.
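
The loop the abstract describes, as an added Python sketch that is not taken from the patent. The abstract does not say how risk scores are computed, so this uses an assumed random walk with restart at the seeds; the node names, the `TRUTH` set standing in for the security service, and the budget counted as number of investigations are all constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry: (node, node) pairs meaning "host contacted domain".
EDGES = [("host-a", "evil-c2.example"), ("host-a", "cdn-drop.example"),
         ("host-b", "cdn-drop.example"), ("host-b", "updates.example"),
         ("host-c", "updates.example"), ("host-c", "news.example")]
TRUTH = {"host-a", "cdn-drop.example"}  # what the stand-in security service confirms

def build_graph(edges):
    """Undirected adjacency map built from the relationship pairs."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def risk_scores(adj, seeds, damping=0.5, rounds=20):
    """Assumed scoring (not from the patent): random walk with restart at the seeds."""
    restart = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in adj}
    score = dict(restart)
    for _ in range(rounds):
        score = {n: (1 - damping) * restart[n]
                    + damping * sum(score[m] / len(adj[m]) for m in adj[n])
                 for n in adj}
    return score

def investigate(edges, seeds, verdict, budget, batch=2):
    """Iterate: score, send the top nodes for review, re-seed, until budget is spent."""
    adj = build_graph(edges)
    seeds, order = set(seeds), []
    while len(order) < budget:
        score = risk_scores(adj, seeds)  # graph re-scored with the current seeds
        todo = sorted((n for n in adj if n not in seeds and n not in order),
                      key=lambda n: (-score[n], n))[:min(batch, budget - len(order))]
        if not todo:  # every node has already been reviewed
            break
        for n in todo:
            order.append(n)
            if verdict(n):  # confirmed malicious, so it becomes a new seed
                seeds.add(n)
    return seeds, order

if __name__ == "__main__":
    print(investigate(EDGES, {"evil-c2.example"}, TRUTH.__contains__, budget=4))
```

With a budget of four, the two nodes farthest from any seed are never sent for review; each confirmed node raises the score of its neighbours in the next round.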