公开(公告)号：US11093608B2

公开(公告)日：2021-08-17

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  H04L29/06 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20200175159A1

公开(公告)日：2020-06-04

申请号：US16780259

申请日：2020-02-03

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20200028861A1

公开(公告)日：2020-01-23

申请号：US16037509

申请日：2018-07-17

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Wei-Guo Peng ,  Omar-Alexander Al-Hujaj ,  Lin Luo ,  Volker Guzman ,  Kevin Schwab

IPC: H04L29/06

Abstract: A first Event is identified from a normalized log persistency layer, where the first Event is associated with an attack on a computing system. A plurality of Events are fetched from the normalized log persistency layer, where each fetched Event correlates with its neighboring fetched Event by at least one correlation attribute, and each of the fetched Event and the first Event are presented on a graphical user interface as a chain of events. A workspace is generated, where the workspace comprises a series of attack paths, where each attack path corresponds to one Event in the chain of events. An ETD pattern is created based on the attack paths in the workspace.

公开(公告)号：US20180176238A1

公开(公告)日：2018-06-21

申请号：US15380450

申请日：2016-12-15

Applicant: SAP SE

Inventor： Kathrin Nos ,  Volker Guzman ,  Marvin Klose

IPC: H04L29/06

Abstract: The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.

公开(公告)号：US20180173872A1

公开(公告)日：2018-06-21

申请号：US15380379

申请日：2016-12-15

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: G06F21/55 ,  G06F9/48 ,  G06F9/46

CPC classification number: G06F21/552 ,  G06F17/40

Abstract: A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.

公开(公告)号：US20210028986A1

公开(公告)日：2021-01-28

申请号：US17066298

申请日：2020-10-08

Applicant: SAP SE

Inventor： Eugen Pritzkau ,  Hartwig Seifert ,  Kevin Schwab ,  Omar-Alexander Al-Hujaj ,  Volker Guzman ,  Wei-Guo Peng ,  Lin Luo ,  Harish Mehta

IPC: H04L12/24 ,  G06F9/445 ,  H04L29/08 ,  G06F21/64 ,  H04L29/06

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

公开(公告)号：US10552605B2

公开(公告)日：2020-02-04

申请号：US15382056

申请日：2016-12-16

Applicant: SAP SE

Inventor： Jona Hassforther ,  Jens Baumgart ,  Thorsten Menke ,  Volker Guzman ,  Florian Kraemer ,  Anne Jacobi ,  Thanh-Phong Lam ,  Omar-Alexander Al-Hujaj ,  Kathrin Nos

IPC: H04L29/06 ,  G06F21/55 ,  G06T11/20

Abstract: A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

公开(公告)号：US20180176235A1

公开(公告)日：2018-06-21

申请号：US15383771

申请日：2016-12-19

Applicant: SAP SE

Inventor： Thanh-Phong LAM ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: H04L29/06

Abstract: A Content Service executing in a cloud-computing-based Cloud Platform receives enterprise threat detection (ETD) Content transmitted from an ETD Content Development System (CDS) as a publication of the ETD Content from the ETD CDS. The received ETD Content is stored into a Content Management System (CMS). A determination is made of a registered Client ETD System for which the ETD Content is relevant. The ETD Content is published to the registered Client ETD System.

公开(公告)号：US10764306B2

公开(公告)日：2020-09-01

申请号：US15383771

申请日：2016-12-19

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: H04L29/06

Abstract: A Content Service executing in a cloud-computing-based Cloud Platform receives enterprise threat detection (ETD) Content transmitted from an ETD Content Development System (CDS) as a publication of the ETD Content from the ETD CDS. The received ETD Content is stored into a Content Management System (CMS). A determination is made of a registered Client ETD System for which the ETD Content is relevant. The ETD Content is published to the registered Client ETD System.

公开(公告)号：US10534907B2

公开(公告)日：2020-01-14

申请号：US15380379

申请日：2016-12-15

Applicant: SAP SE

Inventor： Thanh-Phong Lam ,  Jens Baumgart ,  Florian Kraemer ,  Volker Guzman ,  Anne Jacobi ,  Kathrin Nos ,  Jona Hassforther ,  Omar-Alexander Al-Hujaj ,  Stefan Rossmanith ,  Thorsten Menke

IPC: G06F21/55 ,  G06F9/48

Abstract: A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.