公开(公告)号：US20180059876A1

公开(公告)日：2018-03-01

申请号：US15246053

申请日：2016-08-24

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Eugen Pritzkau ,  Lin Luo ,  Hartwig Seifert ,  Marco Rodeck ,  Thomas Kunz ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Jona Hassforther ,  Thorsten Menke ,  Nan Zhang ,  Kathrin Nos ,  Hristina Dinkova

IPC: G06F3/0482 ,  G06F3/0484

CPC classification number: G06F21/552 ,  G06F16/248 ,  G06F16/26 ,  G06F21/00

Abstract: A path associated with a set of selected log data is defined. An indication is received on a graphical user interface (GUI) to generate a bubblegram associated with the path, wherein the bubblegram comprises one or more bubbles, each bubble representing a particular dimension associated with the selected path. The one or more bubbles are rendered on the GUI according to a performed ranking of the one or more bubbles. A bubble is selected to generate a filter for the path based on the dimension associated with the bubble. A subsequent bubblegram is rendered based on a narrowed set of the selected log data.

公开(公告)号：US11487527B1

公开(公告)日：2022-11-01

申请号：US17357242

申请日：2021-06-24

Applicant: SAP SE

Inventor： Kathrin Nos

IPC: G06F9/44 ,  G06F8/65 ,  G06F11/36 ,  G06F9/48

Abstract: According to some embodiments, a system and method are provided comprising two or more components; a cross-feature toggle module; a cross-feature toggle processor in communication with the cross-feature toggle module and operative to execute processor-executable process steps to cause the system to: receive a request to execute an application; determine a new feature element is present; determine a cross-feature toggle is present, wherein the feature toggle includes an active state and an inactive state; determine whether the cross-feature toggle is in an active state for each of a respective two or more components; in a case the cross-feature toggle is in the active state for each of the two or more components, execute the application with the new feature element; and in a case the cross-feature toggle is in the active state for less than all of the two or more components, execute the application without the new feature element. Numerous other aspects are provided.

公开(公告)号：US11093608B2

公开(公告)日：2021-08-17

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  H04L29/06 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20200184087A1

公开(公告)日：2020-06-11

申请号：US16216400

申请日：2018-12-11

Applicant: SAP SE

Inventor： Kathrin Nos ,  Michael Engler ,  Matthias Vogel

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F16/907

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

公开(公告)号：US20200175159A1

公开(公告)日：2020-06-04

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US10534908B2

公开(公告)日：2020-01-14

申请号：US15370084

申请日：2016-12-06

Applicant: SAP SE

Inventor： Kathrin Nos

IPC: H04L29/06 ,  G06F21/55

Abstract: An enterprise threat detection (ETD) pattern is executed against received log event data from one or more computing systems. Using the ETD pattern, an event threshold is determined to have been exceeded. Entities associated with an alert created based on the exceeded threshold are determined and, at runtime, a severity value is calculated for each determined entity associated with the alert. A selection is received of a determined entity on which to perform mitigation action activities. Mitigation action activities associated with the determined entity are written into an activity record data record. A mitigation action activity is closed on the determined entity and a determination performed that all mitigation action activities associated with all entities related to the created alert have been closed. The created alert is closed.

公开(公告)号：US20190190927A1

公开(公告)日：2019-06-20

申请号：US15847450

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Eugen Pritzkau ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Thorsten Menke ,  Jona Hassforther ,  Rita Merkel ,  Florian Chrosziel ,  Kathrin Nos ,  Marco Rodeck ,  Thomas Kunz

IPC: H04L29/06 ,  H04L12/24

Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

公开(公告)号：US20180091536A1

公开(公告)日：2018-03-29

申请号：US15274693

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L63/1416 ,  H04L63/1433

Abstract: A log entry is received at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system. The received log entry is parsed using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system. The mapped data is transferred to an ETD streaming project and enriched. The streaming component writes the enriched data into a database associated with the ETD system.

公开(公告)号：US20180091535A1

公开(公告)日：2018-03-29

申请号：US15274569

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Jona Hassforther ,  Thomas Kunz ,  Harish Mehta ,  Rita Merkel ,  Kathrin Nos ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck ,  Hartwig Seifert ,  Nan Zhang ,  Thorsten Menke ,  Hristina Dinkova ,  Lin Luo

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1425 ,  G06F11/30 ,  G06F11/302 ,  G06F11/3051 ,  G06F11/323 ,  G06F16/128 ,  G06F16/248 ,  G06F21/00 ,  G06F2201/865 ,  G06Q10/0635

Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.

公开(公告)号：US20180027010A1

公开(公告)日：2018-01-25

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

CPC classification number: H04L63/1433 ,  H04L43/106 ,  H04L63/1408 ,  H04L67/02

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.