User state tracking and anomaly detection in software-as-a-service environments
First Claim
1. A method for user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, comprising:
- obtaining, from each of a set of cloud applications, user state data with respect to one or more resources;
for a given cloud application in the set, mapping the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application;
outputting the reduced set of states to facilitate a logging operation.
1 Assignment
0 Petitions
Accused Products
Abstract
A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.
-
Citations
21 Claims
-
1. A method for user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, comprising:
-
obtaining, from each of a set of cloud applications, user state data with respect to one or more resources; for a given cloud application in the set, mapping the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application; outputting the reduced set of states to facilitate a logging operation. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Apparatus, comprising:
-
a processor; computer memory holding computer program instructions executed by the processor to provide user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, the computer program instructions comprising program code operative to; obtain, from each of a set of cloud applications, user state data with respect to one or more resources; for a given cloud application in the set, map the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application; provide the reduced set of states to facilitate a logging operation. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to provide user state tracking and anomaly detection in a Software-As-A-Service (SaaS) environment having a plurality of cloud applications, the computer program instructions comprising program code operative to:
-
obtain, from each of a set of cloud applications, user state data with respect to one or more resources; for a given cloud application in the set, map the user state data to a reduced set of states, the reduced set of states including at least a first state indicating an acceptable functioning state with respect to a user and resource at the given cloud application, and a second state indicating a malfunctioning state with respect to the user and resource at the given cloud application; provide the reduced set of states to facilitate a logging operation. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification