公开(公告)号：US20220232026A1

公开(公告)日：2022-07-21

申请号：US17713348

申请日：2022-04-05

Applicant: SAP SE

Inventor： Rouven Krebs

IPC: H04L9/40 ,  G06F21/55 ,  H04L43/16 ,  H04L43/062

Abstract: Techniques are described for automatically incorporating lifecycle information for a secured environment (SE) into an intrusion detection system monitoring the secured environment's operations. In one example, a secured environment including at least one component is monitored, where the secured environment is associated with a lifecycle operations manager (LOM) responsible for managing lifecycle operations associated with at least one component in the SE. One or more log files associated with operations of each of the at least one components are obtained, along with log files associated with lifecycle operations executed by the LOM. A determination is made as to whether the particular activities documented in the log files indicate a violation of at least one malicious action rule. In response to determining that the log files are associated with a malicious action rule, a mitigation action associated with the violation is triggered.

公开(公告)号：US11316877B2

公开(公告)日：2022-04-26

申请号：US15665758

申请日：2017-08-01

Applicant: SAP SE

Inventor： Rouven Krebs

IPC: H04L29/06 ,  G06F21/55 ,  H04L43/16 ,  H04L43/062 ,  G06F21/56

Abstract: Techniques are described for automatically incorporating lifecycle information for a secured environment (SE) into an intrusion detection system monitoring the secured environment's operations. In one example, a secured environment including at least one component is monitored, where the secured environment is associated with a lifecycle operations manager (LOM) responsible for managing lifecycle operations associated with at least one component in the SE. One or more log files associated with operations of each of the at least one components are obtained, along with log files associated with lifecycle operations executed by the LOM. A determination is made as to whether the particular activities documented in the log files indicate a violation of at least one malicious action rule. In response to determining that the log files are associated with a malicious action rule, a mitigation action associated with the violation is triggered.

公开(公告)号：US10768900B2

公开(公告)日：2020-09-08

申请号：US16210060

申请日：2018-12-05

Applicant: SAP SE

Inventor： Rouven Krebs ,  Steffen Koenig

IPC: G06F8/70 ,  G06F9/54 ,  G06F8/20 ,  G06F8/35 ,  G06F16/903

Abstract: Methods, systems, and computer-readable storage media for receiving, by an operation controller, a call to trigger an operation, the call at least partially including an identifier associated with an operation signature, providing the operation signature based on the identifier, identifying, by the operation controller, an operation provider that provides the operation corresponding to the operation signature, validating, by the operation provider, one or more conditions for execution of the operation, and executing the operation to affect an entity within a landscape in response to the one or more conditions being valid.

公开(公告)号：US20190042736A1

公开(公告)日：2019-02-07

申请号：US15665700

申请日：2017-08-01

Applicant: SAP SE

Inventor： Rouven Krebs ,  Juergen Frank

IPC: G06F21/55 ,  H04L29/06

Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context. In response to determining that a malicious action is associated with a lifecycle operation, a mitigation action associated with the potentially malicious action can be modified.