Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data
First Claim
1. A computer-implemented method, comprising:
- initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
- determining that log entries are available for processing;
- instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
- transforming read log data into a common semantic format as transformed log data;
- receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
- enriching the transformed log data with the log producing computing system data to generate enriched log data;
- transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
- storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.
Abstract
A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.
186 Citations
15 Claims
1. A computer-implemented method, comprising:
- initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
- determining that log entries are available for processing;
- instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
- transforming read log data into a common semantic format as transformed log data;
- receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
- enriching the transformed log data with the log producing computing system data to generate enriched log data;
- transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
- storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.

Dependent claims: 2, 3, 4, 5 (not shown).

6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
- determining that log entries are available for processing;
- instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
- transforming read log data into a common semantic format as transformed log data;
- receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
- enriching the transformed log data with the log producing computing system data to generate enriched log data;
- transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
- storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.

Dependent claims: 7, 8, 9, 10 (not shown).
11. A computer-implemented system, comprising:
- a computer memory; and
- a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising:
  - initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
  - determining that log entries are available for processing;
  - instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
  - transforming read log data into a common semantic format as transformed log data;
  - receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
  - enriching the transformed log data with the log producing computing system data to generate enriched log data;
  - transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
  - storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.

Dependent claims: 12, 13, 14, 15 (not shown).
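As an added illustration of the job the three independent claims describe (not the patent's or any vendor's code), the Python sketch below resumes from a recovery timestamp, transforms raw lines into a common semantic format, enriches them with reference data from a stand-in Control Web Service, streams them, and returns the new recovery point. The log line format, the field names, the kernel data fields and the boot-time plausibility check are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import re

# Constructed sample log lines (assumed format: ISO timestamp, level, user, message).
SAMPLE_LOG = [
    "2024-03-01T10:00:00Z INFO  alice login ok",
    "2024-03-01T10:00:05Z WARN  bob   login failed",
    "2024-03-01T10:00:09Z INFO  bob   login ok",
]
LINE_RE = re.compile(r"^(\S+)\s+(\w+)\s+(\S+)\s+(.*)$")


def control_web_service() -> dict:
    """Stand-in for the Control Web Service; kernel/host fields are assumed."""
    return {"host": "app01", "kernel": "5.15.0", "boot_time": "2024-02-28T08:00:00Z"}


@dataclass
class Streaming:
    """Stand-in for the ETD Streaming Component: just collects what it receives."""
    stored: list = field(default_factory=list)

    def send(self, rec: dict) -> None:
        self.stored.append(rec)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def transform(line: str) -> dict:
    """Map one raw line into the common semantic format (assumed field names)."""
    ts, level, user, msg = LINE_RE.match(line).groups()
    return {"timestamp": ts, "severity": level, "actor": user, "event": msg}


def run_job(lines, recovery_ts: str, stream: Streaming) -> str:
    """Process entries newer than the recovery point; return the new recovery point.

    Assumption: the recovery point holds the last processed timestamp, so the
    next entry to process is the first one strictly later than it.
    """
    sysdata = control_web_service()
    last = recovery_ts
    for line in lines:
        rec = transform(line)
        ts = parse_ts(rec["timestamp"])
        if ts <= parse_ts(last):
            continue  # already processed before the stored recovery point
        rec.update({"host": sysdata["host"], "kernel": sysdata["kernel"]})
        # Reference check against kernel data: an entry dated before the
        # kernel booted cannot be genuine for this system, so flag it.
        rec["suspect"] = ts < parse_ts(sysdata["boot_time"])
        stream.send(rec)
        last = rec["timestamp"]
    return last
```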
Specification