公开(公告)号：US11012465B2

公开(公告)日：2021-05-18

申请号：US16741071

申请日：2020-01-13

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10986111B2

公开(公告)日：2021-04-20

申请号：US15847478

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Eugen Pritzkau ,  Jona Hassforther ,  Thorsten Menke ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: G06F3/0485 ,  H04L29/06 ,  G06F3/0482 ,  G06F21/55 ,  G06F3/0484

Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.

公开(公告)号：US10530792B2

公开(公告)日：2020-01-07

申请号：US15380450

申请日：2016-12-15

Applicant: SAP SE

Inventor： Kathrin Nos ,  Volker Guzman ,  Marvin Klose

IPC: H04L29/06

Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.

公开(公告)号：US10440040B2

公开(公告)日：2019-10-08

申请号：US15380450

申请日：2016-12-15

Applicant: SAP SE

Inventor： Kathrin Nos ,  Volker Guzman ,  Marvin Klose

IPC: H04L29/06

Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.

公开(公告)号：US11042654B2

公开(公告)日：2021-06-22

申请号：US16216400

申请日：2018-12-11

Applicant: SAP SE

Inventor： Kathrin Nos ,  Michael Engler ,  Matthias Vogel

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F16/907

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

公开(公告)号：US20180176238A1

公开(公告)日：2018-06-21

申请号：US15380450

申请日：2016-12-15

Applicant: SAP SE

Inventor： Kathrin Nos ,  Volker Guzman ,  Marvin Klose

IPC: H04L29/06

Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.

公开(公告)号：US20180173872A1

公开(公告)日：2018-06-21

申请号：US15380379

申请日：2016-12-15

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: G06F21/55 ,  G06F9/48 ,  G06F9/46

CPC classification number: G06F21/552 ,  G06F17/40

Abstract: A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.

公开(公告)号：US09876809B2

公开(公告)日：2018-01-23

申请号：US14937794

申请日：2015-11-10

Applicant: SAP SE

Inventor： Kathrin Nos

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/554 ,  H04L63/1425

Abstract: A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.

公开(公告)号：US10764306B2

公开(公告)日：2020-09-01

申请号：US15383771

申请日：2016-12-19

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: H04L29/06

Abstract: A Content Service executing in a cloud-computing-based Cloud Platform receives enterprise threat detection (ETD) Content transmitted from an ETD Content Development System (CDS) as a publication of the ETD Content from the ETD CDS. The received ETD Content is stored into a Content Management System (CMS). A determination is made of a registered Client ETD System for which the ETD Content is relevant. The ETD Content is published to the registered Client ETD System.

公开(公告)号：US10673879B2

公开(公告)日：2020-06-02

申请号：US15274569

申请日：2016-09-23

Applicant: SAP SE

Inventor： Florian Chrosziel ,  Jona Hassforther ,  Thomas Kunz ,  Harish Mehta ,  Rita Merkel ,  Kathrin Nos ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck ,  Hartwig Seifert ,  Nan Zhang ,  Thorsten Menke ,  Hristina Dinkova ,  Lin Luo

IPC: H04L29/06 ,  G06F16/11 ,  G06F11/30 ,  G06F21/00 ,  G06Q10/06 ,  G06F16/248 ,  G06F11/32

Abstract: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.