Testing cloud application integrations, data, and protocols
First Claim
1. A computer-implemented method comprising, at a computer system of a security management system:
- obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service;
parsing an action from the list of actions to determine a list of fields included in the action;
identifying a field from the list of fields, wherein an identity of the field describes data included in the field;
generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action;
generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario;
generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields;
generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and
inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are systems, methods, and computer-readable medium for a simulation platform that can generate simulated activity data for testing a security monitoring and control system. In various examples, the simulation platform can parse the activity data from a cloud service to determine the fields associated with each action in the activity data. The simulation platform can then generate a template, where each entry in the template describes an action and the fields associated with the action. The simulation platform can further generate a configuration that describes a test scenario. The simulation platform can use the configuration and the template to generate the particular action, including randomizing some or all of the fields of the action. When input into the security monitoring and control system, the system can operate on the simulated activity data in the same way as when the system ingests live activity data.
-
Citations
20 Claims
-
1. A computer-implemented method comprising, at a computer system of a security management system:
-
obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service; parsing an action from the list of actions to determine a list of fields included in the action; identifying a field from the list of fields, wherein an identity of the field describes data included in the field; generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action; generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario; generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields; generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computing system of a security management system, comprising:
-
one or more processors; and a memory coupled to and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including; obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service; parsing an action from the list of actions to determine a list of fields included in the action; identifying a field from the list of fields, wherein an identity of the field describes data included in the field; generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action; generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario; generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields; generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors of a computing system of a security management system, cause the one or more processors to:
-
obtain activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service; parse an action from the list of actions to determine a list of fields included in the action; identify a field from the list of fields, wherein an identity of the field describes data included in the field; generate a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action; generate a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario; generate a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields; generate simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and input the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario. - View Dependent Claims (18, 19, 20)
-
Specification