-
Publication No.: US20180173873A1
Publication date: 2018-06-21
Application No.: US15382056
Application date: 2016-12-16
Applicant: SAP SE
Inventor: Jona Hassforther, Jens Baumgart, Thorsten Menke, Volker Guzman, Florian Kraemer, Anne Jacobi, Thanh-Phong Lam, Omar-Alexander Al-Hujaj, Kathrin Nos
IPC: G06F21/55, G06T11/20, G06F3/0481
CPC classification number: G06F21/552, G06T11/206, G06T2200/24
Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed into the 2D coordinate system and defined by the values of each evaluation associated with the entity.
-
Publication No.: US11349713B2
Publication date: 2022-05-31
Application No.: US17066298
Application date: 2020-10-08
Applicant: SAP SE
Inventor: Eugen Pritzkau, Hartwig Seifert, Kevin Schwab, Omar-Alexander Al-Hujaj, Volker Guzman, Wei-Guo Peng, Lin Luo, Harish Mehta
IPC: H04L41/0873, H04L41/0893, G06F9/445, H04L67/00, G06F21/64, H04L9/40
Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code are distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result is then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.
-
Publication No.: US10826926B2
Publication date: 2020-11-03
Application No.: US16037509
Application date: 2018-07-17
Applicant: SAP SE
Inventor: Eugen Pritzkau, Wei-Guo Peng, Omar-Alexander Al-Hujaj, Lin Luo, Volker Guzman, Kevin Schwab
IPC: H04L29/06
Abstract: A first Event is identified from a normalized log persistency layer, where the first Event is associated with an attack on a computing system. A plurality of Events are fetched from the normalized log persistency layer, where each fetched Event correlates with its neighboring fetched Event by at least one correlation attribute, and each of the fetched Events and the first Event are presented on a graphical user interface as a chain of events. A workspace is generated, where the workspace comprises a series of attack paths, where each attack path corresponds to one Event in the chain of events. An ETD pattern is created based on the attack paths in the workspace.
-
Publication No.: US20200044924A1
Publication date: 2020-02-06
Application No.: US16053376
Application date: 2018-08-02
Applicant: SAP SE
Inventor: Eugen Pritzkau, Hartwig Seifert, Kevin Schwab, Omar-Alexander Al-Hujaj, Volker Guzman, Wei-Guo Peng, Lin Luo, Harish Mehta
Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code are distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result is then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.
-
15.
Publication No.: US10530792B2
Publication date: 2020-01-07
Application No.: US15380450
Application date: 2016-12-15
Applicant: SAP SE
Inventor: Kathrin Nos, Volker Guzman, Marvin Klose
IPC: H04L29/06
Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method includes receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.
-
16.
Publication No.: US10440040B2
Publication date: 2019-10-08
Application No.: US15380450
Application date: 2016-12-15
Applicant: SAP SE
Inventor: Kathrin Nos, Volker Guzman, Marvin Klose
IPC: H04L29/06
Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method includes receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.