-
Publication number: US10671723B2
Publication date: 2020-06-02
Application number: US15665700
Application date: 2017-08-01
Applicant: SAP SE
Inventor: Rouven Krebs, Juergen Frank
Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context. In response to determining that a malicious action is associated with a lifecycle operation, a mitigation action associated with the potentially malicious action can be modified.
-
Publication number: US20170169217A1
Publication date: 2017-06-15
Application number: US14966885
Application date: 2015-12-11
Applicant: SAP SE
Inventor: Mohammad Ashiqur Rahaman, Cedric Hebert, Juergen Frank
CPC classification number: G06F21/554, G06F21/566, G06F2221/034, G06N5/047, G06N99/005
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.
-
Publication number: US20190042736A1
Publication date: 2019-02-07
Application number: US15665700
Application date: 2017-08-01
Applicant: SAP SE
Inventor: Rouven Krebs, Juergen Frank
Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context. In response to determining that a malicious action is associated with a lifecycle operation, a mitigation action associated with the potentially malicious action can be modified.
-
Publication number: US10140447B2
Publication date: 2018-11-27
Application number: US14966885
Application date: 2015-12-11
Applicant: SAP SE
Inventor: Mohammad Ashiqur Rahaman, Cedric Hebert, Juergen Frank
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.
-