公开(公告)号：US11012465B2

公开(公告)日：2021-05-18

申请号：US16741071

申请日：2020-01-13

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US20190340289A1

公开(公告)日：2019-11-07

申请号：US15999512

申请日：2018-08-20

Applicant: SAP SE

Inventor： Bare Said ,  Tobias Hoehmann ,  Peter Weddeling ,  Hristina Dinkova ,  Mehdi Hsoumi

IPC: G06F17/30 ,  G06F9/46

Abstract: Implementations include actions of receiving, by a QMS executed within a first data center, a query definition provided from a browser of an analytics platform executed within the second data center, providing, by the QMS, a raw calculation scenario as an object model based on the query definition, and one or more filters, processing, by the QMS, the raw calculation scenario to provide an enhanced calculation scenario, the enhanced calculation scenario incorporating one or more relationships based on at least one of the one or more filters, executing, by a calculation engine within the first data center, the enhanced calculation scenario to provide an analytical artifact including a query-level calculation view on transactional data, and transmitting, by the first data center, the analytical artifact to the second data center to perform analytics on at least a portion of the transactional data stored in the first data center.

公开(公告)号：US10102379B1

公开(公告)日：2018-10-16

申请号：US15639860

申请日：2017-06-30

Applicant: SAP SE

Inventor： Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Hristina Dinkova ,  Thomas Kunz ,  Lin Luo ,  Rita Merkel ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck

IPC: H04L29/06 ,  G06F21/57 ,  G06F8/65

Abstract: Published enterprise threat detection (ETD) security notes are accessed in a computer data store. Applicability of the published ETD security notes are determined for an information technology computing (IT) landscape. A determination is made that a particular applicable ETD security note has not yet been implemented in the IT computing landscape. Aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note are analyzed and a computing system patching action is performed based on the aggregated IoC and SoC values.

公开(公告)号：US10901994B2

公开(公告)日：2021-01-26

申请号：US15999512

申请日：2018-08-20

Applicant: SAP SE

Inventor： Bare Said ,  Tobias Hoehmann ,  Peter Weddeling ,  Hristina Dinkova ,  Mehdi Hsoumi

IPC: G06F16/2455 ,  G06F16/248 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/901 ,  G06F9/46

Abstract: Implementations include actions of receiving, by a QMS executed within a first data center, a query definition provided from a browser of an analytics platform executed within the second data center, providing, by the QMS, a raw calculation scenario as an object model based on the query definition, and one or more filters, processing, by the QMS, the raw calculation scenario to provide an enhanced calculation scenario, the enhanced calculation scenario incorporating one or more relationships based on at least one of the one or more filters, executing, by a calculation engine within the first data center, the enhanced calculation scenario to provide an analytical artifact including a query-level calculation view on transactional data, and transmitting, by the first data center, the analytical artifact to the second data center to perform analytics on at least a portion of the transactional data stored in the first data center.

公开(公告)号：US10673879B2

公开(公告)日：2020-06-02

申请号：US15274569

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Jona Hassforther ,  Thomas Kunz ,  Harish Mehta ,  Rita Merkel ,  Kathrin Nos ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck ,  Hartwig Seifert ,  Nan Zhang ,  Thorsten Menke ,  Hristina Dinkova ,  Lin Luo

IPC: H04L29/06 ,  G06F16/11 ,  G06F11/30 ,  G06F21/00 ,  G06Q10/06 ,  G06F16/248 ,  G06F11/32

Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.

公开(公告)号：US20190007435A1

公开(公告)日：2019-01-03

申请号：US15639907

申请日：2017-06-30

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Joscha Philipp Bohn ,  Daniel Kartmann ,  Wei-Guo Peng ,  Hristina Dinkova ,  Lin Luo ,  Thomas Kunz ,  Marco Rodeck ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Rita Merkel ,  Florian Chrosziel

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F16/3344 ,  G06F21/55 ,  H04L63/1416

Abstract: Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.

公开(公告)号：US10536476B2

公开(公告)日：2020-01-14

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10530794B2

公开(公告)日：2020-01-07

申请号：US15639907

申请日：2017-06-30

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Joscha Philipp Bohn ,  Daniel Kartmann ,  Wei-Guo Peng ,  Hristina Dinkova ,  Lin Luo ,  Thomas Kunz ,  Marco Rodeck ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Rita Merkel ,  Florian Chrosziel

IPC: H04L29/06 ,  G06F16/33 ,  G06F3/0482

Abstract: Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.

公开(公告)号：US10482241B2

公开(公告)日：2019-11-19

申请号：US15246053

申请日：2016-08-24

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Eugen Pritzkau ,  Lin Luo ,  Hartwig Seifert ,  Marco Rodeck ,  Thomas Kunz ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Jona Hassforther ,  Thorsten Menke ,  Nan Zhang ,  Kathrin Nos ,  Hristina Dinkova

IPC: G06F3/048 ,  G06F21/55

Abstract: A path associated with a set of selected log data is defined. An indication is received on a graphical user interface (GUI) to generate a bubblegram associated with the path, wherein the bubblegram comprises one or more bubbles, each bubble representing a particular dimension associated with the selected path. The one or more bubbles are rendered on the GUI according to a performed ranking of the one or more bubbles. A bubble is selected to generate a filter for the path based on the dimension associated with the bubble. A subsequent bubblegram is rendered based on a narrowed set of the selected log data.

公开(公告)号：US20180059876A1

公开(公告)日：2018-03-01

申请号：US15246053

申请日：2016-08-24

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Eugen Pritzkau ,  Lin Luo ,  Hartwig Seifert ,  Marco Rodeck ,  Thomas Kunz ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Jona Hassforther ,  Thorsten Menke ,  Nan Zhang ,  Kathrin Nos ,  Hristina Dinkova

IPC: G06F3/0482 ,  G06F3/0484

CPC classification number: G06F21/552 ,  G06F16/248 ,  G06F16/26 ,  G06F21/00

Abstract: A path associated with a set of selected log data is defined. An indication is received on a graphical user interface (GUI) to generate a bubblegram associated with the path, wherein the bubblegram comprises one or more bubbles, each bubble representing a particular dimension associated with the selected path. The one or more bubbles are rendered on the GUI according to a performed ranking of the one or more bubbles. A bubble is selected to generate a filter for the path based on the dimension associated with the bubble. A subsequent bubblegram is rendered based on a narrowed set of the selected log data.