STANDARD METADATA MODEL FOR ANALYZING EVENTS WITH FRAUD, ATTACK, OR ANY OTHER MALICIOUS BACKGROUND

US 20170134408A1
Filed: 11/10/2015
Published: 05/11/2017
Est. Priority Date: 11/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by at least one data processor, log data for each of a plurality of computing systems;

mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;

defining, by at least one data processor, a standard metadata model for the plurality of computing systems;

associating, by at least one data processor, one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;

storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems; and

for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.

20 Citations

View as Search Results

15 Claims

1. A method comprising:
- storing, by at least one data processor, log data for each of a plurality of computing systems;
  
  mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  defining, by at least one data processor, a standard metadata model for the plurality of computing systems;
  
  associating, by at least one data processor, one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
  
  storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems; and
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method in accordance with claim 1, wherein the standardized attributes include user identification data.
  - 3. The method in accordance with claim 1, wherein the selected access event is a user-initiated access to the first computing system.
  - 4. The method in accordance with claim 3, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 5. The method in accordance with claim 1, further comprising generating, by at least one data processor, a graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

6. A computer program product comprising a machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
- storing log data for each of a plurality of computing systems;
  
  mapping the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  defining a standard metadata model for the plurality of computing systems;
  
  associating one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
  
  storing the connected metadata in a central repository accessible by each of the plurality of computing systems; and
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product in accordance with claim 6, wherein the standardized attributes include user identification data.
  - 8. The computer program product in accordance with claim 6, wherein the selected access event is a user-initiated access to the first computing system.
  - 9. The computer program product in accordance with claim 8, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 10. The computer program product in accordance with claim 6, wherein the operations further comprise generating a graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

11. A system comprising:
- at least one programmable processor; and
  
  a machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations comprising;
  
  store log data for each of a plurality of computing systems;
  
  map the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  define a standard metadata model for the plurality of computing systems;
  
  associate one or more standardized attributes of a first of the plurality of computing systems with one or more standardized attributes of a second of the plurality of computing systems to define connected metadata that connects attributes of the associated metadata entities;
  
  store the connected metadata in a central repository accessible by each of the plurality of computing systems; and
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, search the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system in accordance with claim 11, wherein the standardized attributes include user identification data.
  - 13. The system in accordance with claim 11, wherein the selected access event is a user-initiated access to the first computing system.
  - 14. The system in accordance with claim 13, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 15. The system in accordance with claim 11, wherein the operations further comprise generating a graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Nos, Kathrin

Granted Patent

US 9,876,809 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

STANDARD METADATA MODEL FOR ANALYZING EVENTS WITH FRAUD, ATTACK, OR ANY OTHER MALICIOUS BACKGROUND

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

STANDARD METADATA MODEL FOR ANALYZING EVENTS WITH FRAUD, ATTACK, OR ANY OTHER MALICIOUS BACKGROUND

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others