-
Publication (announcement) number: US20180091535A1
Publication (announcement) date: 2018-03-29
Application number: US15274569
Application date: 2016-09-23
Applicant: SAP SE
Inventor: Florian Chrosziel, Jona Hassforther, Thomas Kunz, Harish Mehta, Rita Merkel, Kathrin Nos, Wei-Guo Peng, Eugen Pritzkau, Marco Rodeck, Hartwig Seifert, Nan Zhang, Thorsten Menke, Hristina Dinkova, Lin Luo
CPC classification number: H04L63/1425, G06F11/30, G06F11/302, G06F11/3051, G06F11/323, G06F16/128, G06F16/248, G06F21/00, G06F2201/865, G06Q10/0635
Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.
-
Publication (announcement) number: US20180027010A1
Publication (announcement) date: 2018-01-25
Application number: US15216201
Application date: 2016-07-21
Applicant: SAP SE
Inventor: Eugen Pritzkau, Kathrin Nos, Marco Rodeck, Florian Chrosziel, Jona Hassforther, Rita Merkel, Thorsten Menke, Thomas Kunz, Hartwig Seifert, Harish Mehta, Wei-Guo Peng, Lin Luo, Nan Zhang, Hristina Dinkova
CPC classification number: H04L63/1433, H04L43/106, H04L63/1408, H04L67/02
Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.
-
Publication (announcement) number: US20170178026A1
Publication (announcement) date: 2017-06-22
Application number: US14978995
Application date: 2015-12-22
Applicant: SAP SE
Inventor: Susan Marie Thomas, Rita Merkel, Lukas Carullo, Viktor Bersch, Harish Mehta, Hartwig Seifert, Thomas Kunz, Florian Chrosziel, Omar Alexander Al-Hujaj, Marco Rodeck
CPC classification number: G06N20/00, G06F16/2465, G06F21/552, G06N5/025, G06N5/046
Abstract: A sample log file including a plurality of log entries for log learning is accessed, using a log interpretation controller, prior to runtime as part of a log learning process. Each of the plurality of log entries is analyzed. A log entry type is assigned to each of the plurality of log entries. A log type and semantic event are assigned to each log entry type. Generation of runtime rules is triggered for analyzing unknown log entries. The runtime rules include characteristics of particular log entry types that allow unique identification of the particular log entry type for a particular unknown log entry. The generated runtime rules are loaded into a runtime parser.