Analysis of complex relationships among information technology security-relevant entities using a network graph

US 10,681,064 B2
Filed: 12/19/2017
Issued: 06/09/2020
Est. Priority Date: 12/19/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;

selecting a filter from one or more filters defined for an ETD Network Graph;

fetching Events from the selected one or more log files based on the selected filter;

identifying entities based on the fetched Events;

determining relationships between the identified entities;

enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;

displaying the determined relationships and identified entities in the ETD Network Graph;

selecting an identified entity to filter data in the ETD Event Series Chart;

selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and

selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.

205 Citations

15 Claims

1. A computer-implemented method, comprising:
- selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
  
  selecting a filter from one or more filters defined for an ETD Network Graph;
  
  fetching Events from the selected one or more log files based on the selected filter;
  
  identifying entities based on the fetched Events;
  
  determining relationships between the identified entities;
  
  enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
  
  displaying the determined relationships and identified entities in the ETD Network Graph;
  
  selecting an identified entity to filter data in the ETD Event Series Chart;
  
  selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
  
  selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, comprising generating a case file for later ETD analysis based on a selected event in the ETD Event Series Chart.
  - 3. The computer-implemented method of claim 1, wherein the one or more defined filters include a timeframe, Alert, or an ETD Pattern.
  - 4. The computer-implemented method of claim 1, wherein the Event Series Chart comprises two identical time axes.
  - 5. The computer-implemented method of claim 1, comprising enabling zooming and panning functionality for the ETD Event Series Chart.

6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
  
  selecting a filter from one or more filters defined for an ETD Network Graph;
  
  fetching Events from the selected one or more log files based on the selected filter;
  
  identifying entities based on the fetched Events;
  
  determining relationships between the identified entities;
  
  enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
  
  displaying the determined relationships and identified entities in the ETD NetworkGraph;
  
  selecting an identified entity to filter data in the ETD Event Series Chart;
  
  selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
  
  selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory, computer-readable medium of claim 6, comprising one or more instructions to generate a case file for later ETD analysis based on a selected event in the ETD Event Series Chart.
  - 8. The non-transitory, computer-readable medium of claim 6, wherein the one or more defined filters include a timeframe, Alert, or an ETD Pattern.
  - 9. The non-transitory, computer-readable medium of claim 6, wherein the Event Series Chart comprises two identical time axes.
  - 10. The non-transitory, computer-readable medium of claim 6, comprising one or more instructions to enable zooming and panning functionality for the ETD Event Series Chart.

11. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
  
  selecting a filter from one or more filters defined for an ETD Network Graph;
  
  fetching Events from the selected one or more log files based on the selected filter;
  
  identifying entities based on the fetched Events;
  
  determining relationships between the identified entities;
  
  enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
  
  displaying the determined relationships and identified entities in the ETD Network Graph;
  
  selecting an identified entity to filter data in the ETD Event Series Chart;
  
  selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
  
  selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-implemented system of claim 11, comprising one or more operations to generate a case file for later ETD analysis based on a selected event in the ETD Event Series Chart.
  - 13. The computer-implemented system of claim 11, wherein the one or more defined filters include a timeframe, Alert, or an ETD Pattern.
  - 14. The computer-implemented system of claim 11, wherein the Event Series Chart comprises two identical time axes.
  - 15. The computer-implemented system of claim 11, comprising one or more operations to enable zooming and panning functionality for the ETD Event Series Chart.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Peng, Wei-Guo, Luo, Lin, Pritzkau, Eugen, Seifert, Hartwig, Mehta, Harish, Zhang, Nan, Menke, Thorsten, Hassforther, Jona, Merkel, Rita, Chrosziel, Florian, Nos, Kathrin, Rodeck, Marco, Kunz, Thomas
Primary Examiner(s)
Chen, Shin-Hon (Eric)

Application Number

US15/847,450
Publication Number

US 20190190927A1
Time in Patent Office

903 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 16/9024   Graphs; Linked lists G06F16...

G06T 11/203   Drawing of straight lines o...

G06T 11/206   Drawing of charts or graphs

G06T 2200/24   involving graphical user in...

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/069   using logs of notifications...

H04L 41/22   comprising specially adapte...

H04L 43/045   for graphical visualisation...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Analysis of complex relationships among information technology security-relevant entities using a network graph

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

205 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Analysis of complex relationships among information technology security-relevant entities using a network graph

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links