Intrusion detection system enrichment based on system lifecycle

    Publication No.: US10671723B2

    Publication date: 2020-06-02

    Application No.: US15665700

    Application date: 2017-08-01

    Applicant: SAP SE

    Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context. In response to determining that a malicious action is associated with a lifecycle operation, a mitigation action associated with the potentially malicious action can be modified.

    INTRUSION DETECTION SYSTEM ENRICHMENT BASED ON SYSTEM LIFECYCLE

    Publication No.: US20190042736A1

    Publication date: 2019-02-07

    Application No.: US15665700

    Application date: 2017-08-01

    Applicant: SAP SE

    Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context. In response to determining that a malicious action is associated with a lifecycle operation, a mitigation action associated with the potentially malicious action can be modified.

    Attack pattern framework for monitoring enterprise information systems

    Publication No.: US10140447B2

    Publication date: 2018-11-27

    Application No.: US14966885

    Application date: 2015-12-11

    Applicant: SAP SE

    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.
