| CPC H04L 63/1425 (2013.01) [H04L 41/22 (2013.01); H04L 63/1416 (2013.01)] | 20 Claims |

|
1. A method comprising steps of:
retrieving, by a posture control data pipeline, network flow logs stored in a cloud-based object store, the network flow logs being associated with one or more Virtual Private Cloud (VPC) networks and formatted according to a custom schema defined for a corresponding Cloud Service Provider (CSP);
detecting new flow log files based on a comparison with previously processed files, and maintaining a file status for each of the flow log files indicating progress through stages of ingestion;
processing the detected new network flow logs to enrich critical fields using posture control metadata comprising geolocation data, instance metadata, and VPC configuration details;
aggregating the network flow logs for further processing; and
identifying threats associated with the one or more VPC networks based on the enriched and aggregated network flow logs.
|
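A minimal sketch of the steps recited in claim 1, added here as an illustration and not taken from the patent or its applicant. The record fields, the stage names, the metadata tables and the detection rule are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; schema, stage names and the rule are assumptions.
DETECTED, ENRICHED, AGGREGATED = "DETECTED", "ENRICHED", "AGGREGATED"
OBJECT_STORE = {  # object key -> flow records already parsed into the schema
    "vpc-a/flow-0001.log": [
        {"eni": "eni-1", "dst": "198.51.100.7", "port": 443, "bytes": 1200, "action": "ACCEPT"},
    ],
    "vpc-a/flow-0002.log": [
        {"eni": "eni-1", "dst": "203.0.113.9", "port": 4444, "bytes": 90000, "action": "ACCEPT"},
        {"eni": "eni-1", "dst": "203.0.113.9", "port": 4444, "bytes": 60000, "action": "ACCEPT"},
        {"eni": "eni-2", "dst": "203.0.113.9", "port": 4444, "bytes": 500, "action": "REJECT"},
    ],
}
GEO = {"198.51.100.0/24": "AA", "203.0.113.0/24": "ZZ"}  # prefix -> country code
INSTANCES = {"eni-1": {"name": "db-1", "vpc": "vpc-a"}, "eni-2": {"name": "web-1", "vpc": "vpc-a"}}
VPCS = {"vpc-a": {"allowed_countries": {"AA"}}}

def detect_new(store, status):
    """Return keys absent from the status table and record them as DETECTED."""
    new = sorted(k for k in store if k not in status)
    status.update({k: DETECTED for k in new})
    return new

def enrich(rec):
    """Attach geolocation, instance and VPC details to one flow record."""
    ip = ipaddress.ip_address(rec["dst"])
    country = next((c for p, c in GEO.items() if ip in ipaddress.ip_network(p)), "??")
    inst = INSTANCES.get(rec["eni"], {"name": "unknown", "vpc": None})
    allowed = VPCS.get(inst["vpc"], {}).get("allowed_countries", set())
    return {**rec, "country": country, "instance": inst["name"], "geo_allowed": country in allowed}

def run_pipeline(store, status):
    """Ingest only new files, advancing each file's status, then flag flows."""
    totals = defaultdict(int)
    for key in detect_new(store, status):
        enriched = [enrich(r) for r in store[key]]
        status[key] = ENRICHED
        for r in enriched:
            if r["action"] == "ACCEPT":  # aggregate accepted bytes per flow tuple
                totals[(r["instance"], r["dst"], r["port"], r["geo_allowed"])] += r["bytes"]
        status[key] = AGGREGATED
    # Assumed rule: accepted traffic to a country outside the VPC's allowlist.
    return sorted((i, d, p, b) for (i, d, p, ok), b in totals.items() if not ok)
```

Because the status table doubles as the record of previously processed files, a second run over the same object listing ingests nothing and returns no findings.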