STANDARD METADATA MODEL FOR ANALYZING EVENTS WITH FRAUD, ATTACK, OR ANY OTHER MALICIOUS BACKGROUND
Abstract
A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.
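The flow the abstract describes, as an added Python illustration that is not taken from the patent. The system names (`erp`, `proxy`), field names, attribute names and log records are all constructed assumptions.

```python
# Constructed sample logs: system names, field names and values are illustrative.
RAW_LOGS = {
    "erp": [
        {"uname": "JDOE", "terminal": "10.0.0.7", "ts": "2024-05-01T09:14:02", "tcode": "change_vendor_bank"},
        {"uname": "ASMITH", "terminal": "10.0.0.9", "ts": "2024-05-01T09:20:11", "tcode": "display_invoice"},
    ],
    "proxy": [
        {"login": "jdoe", "client_ip": "10.0.0.7", "time": "2024-05-01T09:10:45", "url": "http://files.example/upload"},
        {"login": "jdoe", "client_ip": "10.0.0.23", "time": "2024-05-01T08:55:30", "url": "http://mail.example/"},
        {"login": "bkhan", "client_ip": "10.0.0.8", "time": "2024-05-01T09:11:00", "url": "http://intranet.example/"},
    ],
}

# Metadata entities per system: raw log field -> standardized attribute.
FIELD_MAP = {
    "erp": {"uname": "user", "terminal": "source_ip", "ts": "timestamp", "tcode": "action"},
    "proxy": {"login": "user", "client_ip": "source_ip", "time": "timestamp", "url": "resource"},
}

# Connected metadata: attribute of one system associated with attribute of another.
CONNECTED = [
    (("erp", "user"), ("proxy", "user")),
    (("erp", "source_ip"), ("proxy", "source_ip")),
]

def normalize(system, record):
    """Map one raw record to standardized attributes; user names are case-folded."""
    event = {"system": system}
    for raw_field, value in record.items():
        attr = FIELD_MAP[system][raw_field]
        event[attr] = value.lower() if attr == "user" else value
    return event

def build_repository():
    """Central repository: normalized events plus the connected metadata."""
    events = [normalize(s, r) for s, records in RAW_LOGS.items() for r in records]
    return {"events": events, "links": CONNECTED}

def related_events(repo, selected):
    """Follow connected metadata from a selected event into the other systems' logs."""
    hits = []
    for link in repo["links"]:
        for (src, src_attr), (dst, dst_attr) in (link, link[::-1]):
            if selected["system"] != src:
                continue
            for event in repo["events"]:
                if event["system"] == dst and event.get(dst_attr) == selected.get(src_attr):
                    hits.append((dst_attr, event))
    return hits
```

Each hit is returned with the standardized attribute it matched on, so an analyst pivoting from one access event can see whether the link to the other system's log was the user, the source address, or both.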
15 Claims
1. A method comprising:
- storing, by at least one data processor, log data for each of a plurality of computing systems;
- mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
- defining, by at least one data processor, a standard metadata model for the plurality of computing systems;
- associating, by at least one data processor, one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
- storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems; and
- for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
6. A computer program product comprising a machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
- storing log data for each of a plurality of computing systems;
- mapping the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
- defining a standard metadata model for the plurality of computing systems;
- associating one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
- storing the connected metadata in a central repository accessible by each of the plurality of computing systems; and
- for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
11. A system comprising:
- at least one programmable processor; and
- a machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations comprising:
  - store log data for each of a plurality of computing systems;
  - map the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  - define a standard metadata model for the plurality of computing systems;
  - associate one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
  - store the connected metadata in a central repository accessible by each of the plurality of computing systems; and
  - for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, search the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
Specification