Fuzzy cyber detection pattern matching

What is claimed is: 1. A method, in a data processing system, for identifying a pattern of computing resource activity of interest, in activity data characterizing activities of computer system elements, the method comprising: receiving, by the data processing system, the activity data characterizing activities of computer system elements from one or more computing devices of a monitored computing environment; generating, by the data processing system, a temporal graph of the activity data, wherein the temporal graph comprises nodes representing the computer system elements and edges connecting nodes, wherein each edge represents an event occurring between computer system elements represented by nodes connected by the edge; applying, by the data processing system, a filter to the temporal graph to generate one or more first vector representations, each vector representation characterizing nodes and edges within a moving window defined by the filter; applying, by the data processing system, the filter to a pattern graph representing a pattern of entities and events between entities indicative of the pattern of computing resource activity to be identified in the temporal graph, wherein application of the filter to the pattern graph creates a second vector representation; comparing, by the data processing system, the second vector representation to the one or more first vector representations to identify one or more nearby vectors in the one or more first vector representations; and outputting, by the data processing system, one or more subgraph instances corresponding to the identified one or more nearby vectors to an intelligence console computing system as inexact matches of the temporal graph. 2. The method of claim 1 , further comprising training at least one graph neural network (GNN), based on a training dataset, to perform a vector embedding of attributes of the nodes and edges of an input graph to generate a vector output corresponding to the attributes of the nodes and edges of the input graph, and wherein applying the filter to the temporal graph comprises executing the trained at least one GNN on the temporal graph as the input graph, and wherein applying the filter to the pattern graph comprises executing the trained at least one GNN on the pattern graph as the input graph. 3. The method of claim 2 , wherein the training dataset comprises one or more known activity graphs corresponding to activity performed by a known set of computing elements, at least one known pattern graph corresponding to at least one known pattern of activity of interest, and an indication of a correct vector output or classification to be generated by the at least one GNN based on the one or more known activity graphs and the at least one known pattern graph as inputs to the at least one GNN. 4. The method of claim 2 , wherein the at least one GNN comprises a plurality of GNNs, each GNN having a different size corresponding filter, and wherein applying the filter to the temporal graph and applying the filter to the pattern graph comprises executing a GNN selected from the plurality of GNNs having a corresponding filter of a size corresponding to a size of the pattern graph. 5. The method of claim 1 , wherein the filter has a first dimension corresponding to a reachability limit indicating a distance of nodes away from a first node within the moving window that are within the moving window, and a second dimension corresponding to a time range, from a time point corresponding to a center time point of the moving window, of events that are within the moving window. 6. The method of claim 1 , wherein applying the filter to the temporal graph further comprises storing a mapping of portions of the one or more first vector representations to attributes of nodes and edges in the moving window, and wherein outputting the one or more subgraph instances corresponding to the identified one or more nearby vectors comprises converting the one or more nearby vectors to corresponding subgraph instances in the one or more subgraph instances based on the stored mapping. 7. The method of claim 1 , wherein comparing the second vector representation to the one or more first vector representations to identify one or more nearby vectors in the one or more first vector representations comprises identifying the one or more nearby vectors based on an inexact matching of the second vector representation to portions of the one or more first vector representations to thereby identify the one or more nearby vectors. 8. The method of claim 1 , wherein comparing the second vector representation to the one or more first vector representations to identify the one or more nearby vectors in the one or more first vector representations comprises, for each first vector representation in the one or more first vector representations: performing a vector distance based comparison of the second vector representation to the first vector representation to generate a similarity measure corresponding to the first vector representation; comparing the similarity measure to a threshold similarity measure to determine if the first vector representation represents a nearby vector; and in response to the similarity measure having a predetermined relationship relative to the threshold similarity measure, returning the first vector representation as a nearby vector. 9. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a data processing system, causes the data processing system to: receive activity data characterizing activities of computer system elements from one or more computing devices of a monitored computing environment; generate a temporal graph of the activity data, wherein the temporal graph comprises nodes representing the computer system elements and edges connecting nodes, wherein each edge represents an event occurring between computer system elements represented by nodes connected by the edge; apply a filter to the temporal graph to generate one or more first vector representations, each vector representation characterizing nodes and edges within a moving window defined by the filter; apply the filter to a pattern graph representing a pattern of entities and events between entities indicative of the pattern of computing resource activity to be identified in the temporal graph, wherein application of the filter to the pattern graph creates a second vector representation; compare the second vector representation to the one or more first vector representations to identify one or more nearby vectors in the one or more first vector representations; and output, by the data processing system, one or more subgraph instances corresponding to the identified one or more nearby vectors to an intelligence console computing system as inexact matches of the temporal graph. 10. The computer program product of claim 9 , wherein the computer readable program further causes the data processing system to train at least one graph neural network (GNN), based on a training dataset, to perform a vector embedding of attributes of the nodes and edges of an input graph to generate a vector output corresponding to the attributes of the nodes and edges of the input graph, and wherein applying the filter to the temporal graph comprises executing the trained at least one GNN on the temporal graph as the input graph, and wherein applying the filter to the pattern graph comprises executing the trained at least one GNN on the pattern graph as the input graph. 11. The computer program product of claim 10 , wherein the training dataset comprises one or more kno