公开(公告)号：US10102379B1

公开(公告)日：2018-10-16

申请号：US15639860

申请日：2017-06-30

Applicant: SAP SE

Inventor： Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Hristina Dinkova ,  Thomas Kunz ,  Lin Luo ,  Rita Merkel ,  Wei-Guo Peng ,  Eugen Pritzkau ,  Marco Rodeck

IPC: H04L29/06 ,  G06F21/57 ,  G06F8/65

Abstract: Published enterprise threat detection (ETD) security notes are accessed in a computer data store. Applicability of the published ETD security notes are determined for an information technology computing (IT) landscape. A determination is made that a particular applicable ETD security note has not yet been implemented in the IT computing landscape. Aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note are analyzed and a computing system patching action is performed based on the aggregated IoC and SoC values.

公开(公告)号：US20180176234A1

公开(公告)日：2018-06-21

申请号：US15381567

申请日：2016-12-16

Applicant: SAP SE

Inventor： Thomas Kunz ,  Omar-Alexander Al-Hujaj ,  Jens Baumgart ,  Harish Mehta ,  Florian Chrosziel ,  Marco Rodeck ,  Thorsten Menke

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F16/27 ,  H04L63/1425

Abstract: A content replication connector receives control data associated with replication of content data from a source system. Based on the control data, the content replication connector fetches the content data from the source system, converts the content data from a first data format to a second data format, and sends the content data to a content replication server. The content replication server replicates the content data, and a target system fetches the content data from the content replication server.

公开(公告)号：US11470094B2

公开(公告)日：2022-10-11

申请号：US15381567

申请日：2016-12-16

Applicant: SAP SE

Inventor： Thomas Kunz ,  Omar-Alexander Al-Hujaj ,  Jens Baumgart ,  Harish Mehta ,  Florian Chrosziel ,  Marco Rodeck ,  Thorsten Menke

IPC: H04L9/40 ,  G06F16/27

Abstract: A content replication connector receives control data associated with replication of content data from a source system. Based on the control data, the content replication connector fetches the content data from the source system, converts the content data from a first data format to a second data format, and sends the content data to a content replication server. The content replication server replicates the content data, and a target system fetches the content data from the content replication server.

公开(公告)号：US11012465B2

公开(公告)日：2021-05-18

申请号：US16741071

申请日：2020-01-13

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/26

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.

公开(公告)号：US10986111B2

公开(公告)日：2021-04-20

申请号：US15847478

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Hartwig Seifert ,  Nan Zhang ,  Harish Mehta ,  Florian Chrosziel ,  Rita Merkel ,  Eugen Pritzkau ,  Jona Hassforther ,  Thorsten Menke ,  Thomas Kunz ,  Kathrin Nos ,  Marco Rodeck

IPC: G06F3/0485 ,  H04L29/06 ,  G06F3/0482 ,  G06F21/55 ,  G06F3/0484

Abstract: One or more entities are selected for which logged Events are to be displayed in an Event Series Chart. One or more filters and a timeframe are selected. Events are fetched from one or more selected log files based on the one or more selected filters and the timeframe. The fetched Events are displayed in an Event Series Chart according to an associated timestamp and identification Event property value associated with each fetched Event.

公开(公告)号：US20180063167A1

公开(公告)日：2018-03-01

申请号：US15253438

申请日：2016-08-31

Applicant: SAP SE

Inventor： Marco Rodeck ,  Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Eugen Pritzkau ,  Wei-Guo Peng ,  Lin Luo ,  Rita Merkel ,  Florian Chrosziel ,  Jona Hassforther ,  Thorsten Menke

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/083 ,  H04L63/108 ,  H04L63/1425 ,  H04L63/1483 ,  H04W12/00503

Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.

公开(公告)号：US11252168B2

公开(公告)日：2022-02-15

申请号：US16125256

申请日：2018-09-07

Applicant: SAP SE

Inventor： Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Anne Jacobi ,  Marco Rodeck ,  Florian Kraemer ,  Bjoern Brencher ,  Nan Zhang

IPC: H04L29/06

Abstract: A transfer of master data is executed in a backend computing system. The master data includes user data and system data. The transfer of master data includes receiving user data associated with a particular user identifier in the backend computing system, transferring the received user data to an event stream processor, receiving system data associated with a particular log providing computing system in the backend computing system, transferring the received user data to the event stream processor, and executing a transfer of log data associated with logs of computing systems connected to the backend computing system.

公开(公告)号：US10681064B2

公开(公告)日：2020-06-09

申请号：US15847450

申请日：2017-12-19

Applicant: SAP SE

Inventor： Wei-Guo Peng ,  Lin Luo ,  Eugen Pritzkau ,  Hartwig Seifert ,  Harish Mehta ,  Nan Zhang ,  Thorsten Menke ,  Jona Hassforther ,  Rita Merkel ,  Florian Chrosziel ,  Kathrin Nos ,  Marco Rodeck ,  Thomas Kunz

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  G06T11/20 ,  G06F16/901

Abstract: A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

公开(公告)号：US10542016B2

公开(公告)日：2020-01-21

申请号：US15253438

申请日：2016-08-31

Applicant: SAP SE

Inventor： Marco Rodeck ,  Harish Mehta ,  Hartwig Seifert ,  Thomas Kunz ,  Eugen Pritzkau ,  Wei-Guo Peng ,  Lin Luo ,  Rita Merkel ,  Florian Chrosziel ,  Jona Hassforther ,  Thorsten Menke

IPC: H04L29/06

Abstract: Subnet information and location information is received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.

公开(公告)号：US10536476B2

公开(公告)日：2020-01-14

申请号：US15216201

申请日：2016-07-21

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Kathrin Nos ,  Marco Rodeck ,  Florian Chrosziel ,  Jona Hassforther ,  Rita Merkel ,  Thorsten Menke ,  Thomas Kunz ,  Hartwig Seifert ,  Harish Mehta ,  Wei-Guo Peng ,  Lin Luo ,  Nan Zhang ,  Hristina Dinkova

IPC: H04L29/06 ,  H04L29/08

Abstract: A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.