公开(公告)号：US10102379B1

公开(公告)日：2018-10-16

申请号：US15639860

申请日：2017-06-30

Applicant: SAP SE

Inventor： Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Hristina Dinkova ,  Thomas Kunz ,  Lin Luo ,  Rita Merkel ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck

IPC: H04L29/06 ,  G06F21/57 ,  G06F8/65

Abstract: Published enterprise threat detection (ETD) security notes are accessed in a computer data store. Applicability of the published ETD security notes are determined for an information technology computing (IT) landscape. A determination is made that a particular applicable ETD security note has not yet been implemented in the IT computing landscape. Aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note are analyzed and a computing system patching action is performed based on the aggregated IoC and SoC values.

公开(公告)号：US20220006828A1

公开(公告)日：2022-01-06

申请号：US17479850

申请日：2021-09-20

Applicant: SAP SE

Inventor： Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Anne Jacobi ,  Marco Rodeck ,  Florian Kraemer ,  Bjoern Brencher ,  Nan Zhang

IPC: H04L29/06

Abstract: A transfer of master data is executed in a backend computing system. The master data includes user data and system data. The transfer of master data includes receiving user data associated with a particular user identifier in the backend computing system, transferring the received user data to an event stream processor, receiving system data associated with a particular log providing computing system in the backend computing system, transferring the received user data to the event stream processor, and executing a transfer of log data associated with logs of computing systems connected to the backend computing system.

公开(公告)号：US10673879B2

公开(公告)日：2020-06-02

申请号：US15274569

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Jona Hassforther ,  Thomas Kunz ,  Harish Mehta ,  Rita Merkel ,  Kathrin Nos ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck ,  Hartwig Seifert ,  Nan Zhang ,  Thorsten Menke ,  Hristina Dinkova ,  Lin Luo

IPC: H04L29/06 ,  G06F16/11 ,  G06F11/30 ,  G06F21/00 ,  G06Q10/06 ,  G06F16/248 ,  G06F11/32

Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.

公开(公告)号：US20190190935A1

公开(公告)日：2019-06-20

申请号：US15847478

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo PENG ,  Lin Luo ,  Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Eugen Pritzkau ,  Jona Hassforther ,  Thorsten Menke ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: H04L29/06 ,  G06F21/55 ,  G06F3/0482

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F21/552

Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.

公开(公告)号：US20190007442A1

公开(公告)日：2019-01-03

申请号：US16125256

申请日：2018-09-07

Applicant: SAP SE

Inventor： Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Anne Jacobi ,  Marco Rodeck ,  Florian Kraemer ,  Bjoern Brencher ,  Nan Zhang

IPC: H04L29/06

Abstract: A transfer of master data is executed in a backend computing system. The master data includes user data and system data. The transfer of master data includes receiving user data associated with a particular user identifier in the backend computing system, transferring the received user data to an event stream processor, receiving system data associated with a particular log providing computing system in the backend computing system, transferring the received user data to the event stream processor, and executing a transfer of log data associated with logs of computing systems connected to the backend computing system.

公开(公告)号：US20190007435A1

公开(公告)日：2019-01-03

申请号：US15639907

申请日：2017-06-30

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Joscha Philipp Bohn ,  Daniel Kartmann ,  Wei-Guo Peng ,  Hristina Dinkova ,  Lin Luo ,  Thomas Kunz ,  Marco Rodeck ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Rita Merkel ,  Florian Chrosziel

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F16/3344 ,  G06F21/55 ,  H04L63/1416

Abstract: Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.

公开(公告)号：US11349713B2

公开(公告)日：2022-05-31

申请号：US17066298

申请日：2020-10-08

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Hartwig Seifert ,  Kevin Schwab ,  Omar-Alexander Al-Hujaj ,  Volker Guzman ,  Wei-Guo Peng ,  Lin Luo ,  Harish Mehta

IPC: H04L41/0873 ,  H04L41/0893 ,  G06F9/445 ,  H04L67/00 ,  G06F21/64 ,  H04L9/40

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

公开(公告)号：US11012465B2

公开(公告)日：2021-05-18

申请号：US16741071

申请日：2020-01-13

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10986111B2

公开(公告)日：2021-04-20

申请号：US15847478

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Eugen Pritzkau ,  Jona Hassforther ,  Thorsten Menke ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: G06F3/0485 ,  H04L29/06 ,  G06F3/0482 ,  G06F21/55 ,  G06F3/0484

Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.

公开(公告)号：US20200044924A1

公开(公告)日：2020-02-06

申请号：US16053376

申请日：2018-08-02

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Hartwig Seifert ,  Kevin Schwab ,  Omar-Alexander Al-Hujaj ,  Volker Guzman ,  Wei-Guo Peng ,  Lin Luo ,  Harish Mehta

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  G06F21/64 ,  G06F9/445

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.