-
公开(公告)号:US11012465B2
公开(公告)日:2021-05-18
申请号:US16741071
申请日:2020-01-13
Applicant: SAP SE
Inventor: Eugen Pritzkau , Kathrin Nos , Marco Rodeck , Florian Chrosziel , Jona Hassforther , Rita Merkel , Thorsten Menke , Thomas Kunz , Hartwig Seifert , Harish Mehta , Wei-Guo Peng , Lin Luo , Nan Zhang , Hristina Dinkova
Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.
-
公开(公告)号:US10986111B2
公开(公告)日:2021-04-20
申请号:US15847478
申请日:2017-12-19
Applicant: SAP SE
Inventor: Wei-Guo Peng , Lin Luo , Hartwig Seifert , Nan Zhang , Harish Mehta , Florian Chrosziel , Rita Merkel , Eugen Pritzkau , Jona Hassforther , Thorsten Menke , Thomas Kunz , Kathrin Nos , Marco Rodeck
IPC: G06F3/0485 , H04L29/06 , G06F3/0482 , G06F21/55 , G06F3/0484
Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.
-
公开(公告)号:US10826926B2
公开(公告)日:2020-11-03
申请号:US16037509
申请日:2018-07-17
Applicant: SAP SE
Inventor: Eugen Pritzkau , Wei-Guo Peng , Omar-Alexander Al-Hujaj , Lin Luo , Volker Guzman , Kevin Schwab
IPC: H04L29/06
Abstract: A first Event is identified from a normalized log persistency layer, where the first Event is associated with an attack on a computing system. A plurality of Events are fetched from the normalized log persistency layer, where each fetched Event correlates with its neighboring fetched Event by at least one correlation attribute, and each of the fetched Event and the first Event are presented on a graphical user interface as a chain of events. A workspace is generated, where the workspace comprises a series of attack paths, where each attack path corresponds to one Event in the chain of events. An ETD pattern is created based on the attack paths in the workspace.
-
公开(公告)号:US20200044924A1
公开(公告)日:2020-02-06
申请号:US16053376
申请日:2018-08-02
Applicant: SAP SE
Inventor: Eugen Pritzkau , Hartwig Seifert , Kevin Schwab , Omar-Alexander Al-Hujaj , Volker Guzman , Wei-Guo Peng , Lin Luo , Harish Mehta
Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.
-
公开(公告)号:US20180063167A1
公开(公告)日:2018-03-01
申请号:US15253438
申请日:2016-08-31
Applicant: SAP SE
Inventor: Marco Rodeck , Harish Mehta , Hartwig Seifert , Thomas Kunz , Eugen Pritzkau , Wei-Guo Peng , Lin Luo , Rita Merkel , Florian Chrosziel , Jona Hassforther , Thorsten Menke
IPC: H04L29/06
CPC classification number: H04L63/1416 , H04L63/083 , H04L63/108 , H04L63/1425 , H04L63/1483 , H04W12/00503
Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.
-
Patent Agency Ranking
公开(公告)号:US20210028986A1
公开(公告)日:2021-01-28
申请号:US17066298
申请日:2020-10-08
Applicant: SAP SE
Inventor: Eugen Pritzkau , Hartwig Seifert , Kevin Schwab , Omar-Alexander Al-Hujaj , Volker Guzman , Wei-Guo Peng , Lin Luo , Harish Mehta
Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.
-
公开(公告)号:US10681064B2
公开(公告)日:2020-06-09
申请号:US15847450
申请日:2017-12-19
Applicant: SAP SE
Inventor: Wei-Guo Peng , Lin Luo , Eugen Pritzkau , Hartwig Seifert , Harish Mehta , Nan Zhang , Thorsten Menke , Jona Hassforther , Rita Merkel , Florian Chrosziel , Kathrin Nos , Marco Rodeck , Thomas Kunz
IPC: H04L29/06 , H04L12/24 , H04L12/26 , G06T11/20 , G06F16/901
Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
-
公开(公告)号:US10542016B2
公开(公告)日:2020-01-21
申请号:US15253438
申请日:2016-08-31
Applicant: SAP SE
Inventor: Marco Rodeck , Harish Mehta , Hartwig Seifert , Thomas Kunz , Eugen Pritzkau , Wei-Guo Peng , Lin Luo , Rita Merkel , Florian Chrosziel , Jona Hassforther , Thorsten Menke
IPC: H04L29/06
Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.
-
公开(公告)号:US10536476B2
公开(公告)日:2020-01-14
申请号:US15216201
申请日:2016-07-21
Applicant: SAP SE
Inventor: Eugen Pritzkau , Kathrin Nos , Marco Rodeck , Florian Chrosziel , Jona Hassforther , Rita Merkel , Thorsten Menke , Thomas Kunz , Hartwig Seifert , Harish Mehta , Wei-Guo Peng , Lin Luo , Nan Zhang , Hristina Dinkova
Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.
-
公开(公告)号:US10530794B2
公开(公告)日:2020-01-07
申请号:US15639907
申请日:2017-06-30
Applicant: SAP SE
Inventor: Eugen Pritzkau , Joscha Philipp Bohn , Daniel Kartmann , Wei-Guo Peng , Hristina Dinkova , Lin Luo , Thomas Kunz , Marco Rodeck , Hartwig Seifert , Harish Mehta , Nan Zhang , Rita Merkel , Florian Chrosziel
IPC: H04L29/06 , G06F16/33 , G06F3/0482
Abstract: Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.
-
-
-
-
-
-
-
-
-
Search Results
23
records
(took 0.015 seconds)
