公开(公告)号：US20180063167A1

公开(公告)日：2018-03-01

申请号：US15253438

申请日：2016-08-31

Applicant: SAP SE

Inventor： Marco Rodeck ,  Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Eugen Pritzkau ,  Wei-Guo Peng ,  Lin Luo ,  Rita Merkel ,  Florian Chrosziel ,  Jona Hassforther ,  Thorsten Menke

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/083 ,  H04L63/108 ,  H04L63/1425 ,  H04L63/1483 ,  H04W12/00503

Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.

公开(公告)号：US11093608B2

公开(公告)日：2021-08-17

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  H04L29/06 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20200175159A1

公开(公告)日：2020-06-04

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20190190927A1

公开(公告)日：2019-06-20

申请号：US15847450

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Eugen Pritzkau ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Thorsten Menke ,  Jona Hassforther ,  Rita Merkel ,  Florian Chrosziel ,  Kathrin Nos ,  Marco Rodeck ,  Thomas Kunz

IPC: H04L29/06 ,  H04L12/24

Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

公开(公告)号：US20180091535A1

公开(公告)日：2018-03-29

申请号：US15274569

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Jona Hassforther ,  Thomas Kunz ,  Harish Mehta ,  Rita Merkel ,  Kathrin Nos ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck ,  Hartwig Seifert ,  Nan Zhang ,  Thorsten Menke ,  Hristina Dinkova ,  Lin Luo

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1425 ,  G06F11/30 ,  G06F11/302 ,  G06F11/3051 ,  G06F11/323 ,  G06F16/128 ,  G06F16/248 ,  G06F21/00 ,  G06F2201/865 ,  G06Q10/0635

Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.

公开(公告)号：US20180027010A1

公开(公告)日：2018-01-25

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

CPC classification number: H04L63/1433 ,  H04L43/106 ,  H04L63/1408 ,  H04L67/02

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10681064B2

公开(公告)日：2020-06-09

申请号：US15847450

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Eugen Pritzkau ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Thorsten Menke ,  Jona Hassforther ,  Rita Merkel ,  Florian Chrosziel ,  Kathrin Nos ,  Marco Rodeck ,  Thomas Kunz

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  G06T11/20 ,  G06F16/901

Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

公开(公告)号：US10552605B2

公开(公告)日：2020-02-04

申请号：US15382056

申请日：2016-12-16

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: H04L29/06 ,  G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US10542016B2

公开(公告)日：2020-01-21

申请号：US15253438

申请日：2016-08-31

Applicant: SAP SE

Inventor： Marco Rodeck ,  Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Eugen Pritzkau ,  Wei-Guo Peng ,  Lin Luo ,  Rita Merkel ,  Florian Chrosziel ,  Jona Hassforther ,  Thorsten Menke

IPC: H04L29/06

Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.

公开(公告)号：US10536476B2

公开(公告)日：2020-01-14

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.