Patent attributes
An endpoint agent configured, when executed on an endpoint device, to: access outgoing and/or incoming packets via a local traffic access function of the endpoint device, the outgoing packets sent from a network interface of the endpoint device to a packet-switched network and carrying outbound payload data generated by one or more processes executed on the endpoint device, the incoming packets received at the network interface from the packet-switched network and carrying inbound payload data for processing by the one or more processes; extract network traffic telemetry from the outgoing and/or incoming packets, the extracted network traffic telemetry summarizing the outgoing and/or incoming packets; and transmit, to a cybersecurity service, a series of network telemetry records containing the extracted network traffic telemetry for use in performing a cybersecurity threat analysis. Further aspects pertain to the “deduplication” of telemetry records when network traffic is monitored by multiple sources.