Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data

US 10,534,907 B2
Filed: 12/15/2016
Issued: 01/14/2020
Est. Priority Date: 12/15/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;

determining that log entries are available for processing;

instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;

transforming read log data into a common semantic format as transformed log data;

receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;

enriching the transformed log data with the log producing computing system data to generate enriched log data;

transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and

storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A log processing job executing on a log producing computing system is initiated for processing log data associated with the log producing computing system. Log entries are determined to be available for processing. At least one instance of a Log Extractor Factory, Reader, and Transformation component are instantiated for reading and transforming the log data. Read log data is transformed into a common semantic format as transformed log data and transmitted in real-time to a Streaming Component for storage in an Enterprise Threat Detection (ETD) System. A recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.

186 Citations

15 Claims

1. A computer-implemented method, comprising:
- initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
  
  determining that log entries are available for processing;
  
  instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
  
  transforming read log data into a common semantic format as transformed log data;
  
  receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
  
  enriching the transformed log data with the log producing computing system data to generate enriched log data;
  
  transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
  
  storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprising receiving a trigger from a task scheduler to initiate execution of a log processing job.
  - 3. The computer-implemented method of claim 1, further comprising accessing a log processing job configuration containing at least one of log types to process, associated log formats, credentials to access log producing computer system data, or connection details to the Streaming Component.
  - 4. The computer-implemented method of claim 1, further comprising, using the instantiated Log Extractor Factory, instantiating an instance of a Log Extractor to extract data from a particular log file type.
  - 5. The computer-implemented method of claim 1, further comprising, on a processing failure with reading and transforming the log data or transmitting the transformed log data to the Streaming Component, leveraging the stored recovery point to initiate reprocessing of the log data.

6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
  
  determining that log entries are available for processing;
  
  instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
  
  transforming read log data into a common semantic format as transformed log data;
  
  receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
  
  enriching the transformed log data with the log producing computing system data to generate enriched log data;
  
  transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
  
  storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory, computer-readable medium of claim 6, further comprising one or more instructions to receive a trigger from a task scheduler to initiate execution of a log processing job.
  - 8. The non-transitory, computer-readable medium of claim 6, further comprising one or more instructions to access a log processing job configuration containing at least one of log types to process, associated log formats, credentials to access log producing computer system data, or connection details to the Streaming Component.
  - 9. The non-transitory, computer-readable medium of claim 6, further comprising one or more instructions to instantiate, using the instantiated Log Extractor Factory, an instance of a Log Extractor to extract data from a particular log file type.
  - 10. The non-transitory, computer-readable medium of claim 6, further comprising one or more instructions to leverage, on a processing failure with reading and transforming the log data or transmitting the transformed log data to the Streaming Component, the stored recovery point to initiate reprocessing of the log data.

11. A computer-implemented system, comprising:
- a computer memory; and
  
  a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising;
  
  initiating execution of a log processing job executing on a log producing computing system for processing log data associated with the log producing computing system;
  
  determining that log entries are available for processing;
  
  instantiating at least one instance of a Log Extractor Factory, Reader, and Transformation component for reading and transforming the log data;
  
  transforming read log data into a common semantic format as transformed log data;
  
  receiving log producing computing system data from a Control Web Service executing on the log producing computing system, the log producing computing system data including operating-system kernel data of the log producing computing system that provides reference data for Enterprise Threat Detection (ETD) analysis in an ETD system for detecting manipulation of the transformed log data;
  
  enriching the transformed log data with the log producing computing system data to generate enriched log data;
  
  transmitting the enriched log data in real-time to a Streaming Component for storage in the ETD System; and
  
  storing a recovery point with a recovery timestamp indicating a next log entry in the log data to process.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-implemented system of claim 11, further configured to receive a trigger from a task scheduler to initiate execution of a log processing job.
  - 13. The computer-implemented system of claim 11, further configured to access a log processing job configuration containing at least one of log types to process, associated log formats, credentials to access log producing computer system data, or connection details to the Streaming Component.
  - 14. The computer-implemented system of claim 11, further configured to instantiate, using the instantiated Log Extractor Factory, an instance of a Log Extractor to extract data from a particular log file type.
  - 15. The computer-implemented system of claim 11, further configured to leverage, on a processing failure with reading and transforming the log data or transmitting the transformed log data to the Streaming Component, the stored recovery point to initiate reprocessing of the log data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Lam, Thanh-Phong, Baumgart, Jens, Kraemer, Florian, Guzman, Volker, Jacobi, Anne, Nos, Kathrin, Hassforther, Jona, Al-Hujaj, Omar-Alexander, Rossmanith, Stefan, Menke, Thorsten
Primary Examiner(s)
Li, Meng

Application Number

US15/380,379
Publication Number

US 20180173872A1
Time in Patent Office

1,125 Days
Field of Search
US Class Current
CPC Class Codes

G06F 17/40 Data acquisition and loggin...

G06F 21/552 involving long-term monitor...

Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

186 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others