公开(公告)号：US10534907B2

公开(公告)日：2020-01-14

申请号：US15380379

申请日：2016-12-15

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: G06F21/55 ,  G06F9/48

Abstract: A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.

公开(公告)号：US20190190935A1

公开(公告)日：2019-06-20

申请号：US15847478

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo PENG ,  Lin Luo ,  Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Eugen Pritzkau ,  Jona Hassforther ,  Thorsten Menke ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: H04L29/06 ,  G06F21/55 ,  G06F3/0482

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F21/552

Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.

公开(公告)号：US20180173873A1

公开(公告)日：2018-06-21

申请号：US15382056

申请日：2016-12-16

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  G06T11/20 ,  G06F3/0481

CPC classification number: G06F21/552 ,  G06T11/206 ,  G06T2200/24

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20170134408A1

公开(公告)日：2017-05-11

申请号：US14937794

申请日：2015-11-10

Applicant: SAP SE

Inventor： Kathrin Nos

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/554 ,  H04L63/1425

Abstract: A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.

公开(公告)号：US10681064B2

公开(公告)日：2020-06-09

申请号：US15847450

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Eugen Pritzkau ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Thorsten Menke ,  Jona Hassforther ,  Rita Merkel ,  Florian Chrosziel ,  Kathrin Nos ,  Marco Rodeck ,  Thomas Kunz

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  G06T11/20 ,  G06F16/901

Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

公开(公告)号：US10552605B2

公开(公告)日：2020-02-04

申请号：US15382056

申请日：2016-12-16

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: H04L29/06 ,  G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US10536476B2

公开(公告)日：2020-01-14

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10482241B2

公开(公告)日：2019-11-19

申请号：US15246053

申请日：2016-08-24

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Eugen Pritzkau ,  Lin Luo ,  Hartwig Seifert ,  Marco Rodeck ,  Thomas Kunz ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Jona Hassforther ,  Thorsten Menke ,  Nan Zhang ,  Kathrin Nos ,  Hristina Dinkova

IPC: G06F3/048 ,  G06F21/55

Abstract: A path associated with a set of selected log data is defined. An indication is received on a graphical user interface (GUI) to generate a bubblegram associated with the path, wherein the bubblegram comprises one or more bubbles, each bubble representing a particular dimension associated with the selected path. The one or more bubbles are rendered on the GUI according to a performed ranking of the one or more bubbles. A bubble is selected to generate a filter for the path based on the dimension associated with the bubble. A subsequent bubblegram is rendered based on a narrowed set of the selected log data.

公开(公告)号：US20180176235A1

公开(公告)日：2018-06-21

申请号：US15383771

申请日：2016-12-19

Applicant: SAP SE

Inventor： Thanh-Phong LAM ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: H04L29/06

Abstract: A Content Service executing in a cloud-computing-based Cloud Platform receives enterprise threat detection (ETD) Content transmitted from an ETD Content Development System (CDS) as a publication of the ETD Content from the ETD CDS. The received ETD Content is stored into a Content Management System (CMS). A determination is made of a registered Client ETD System for which the ETD Content is relevant. The ETD Content is published to the registered Client ETD System.

公开(公告)号：US20180157835A1

公开(公告)日：2018-06-07

申请号：US15370084

申请日：2016-12-06

Applicant: SAP SE

Inventor： Kathrin Nos

IPC: G06F21/55

Abstract: An enterprise threat detection (ETD) pattern is executed against received log event data from one or more computing systems. Using the ETD pattern, an event threshold is determined to have been exceeded. Entities associated with an alert created based on the exceeded threshold are determined and, at runtime, a severity value is calculated for each determined entity associated with the alert. A selection is received of a determined entity on which to perform mitigation action activities. Mitigation action activities associated with the determined entity are written into an activity record data record. A mitigation action activity is closed on the determined entity and a determination performed that all mitigation action activities associated with all entities related to the created alert have been closed. The created alert is closed.