KNOWLEDGE BASE IN ENTERPRISE THREAT DETECTION
Abstract
A log file including a plurality of log entries is accessed. Each log entry of the plurality of log entries is analyzed to identify components of each log entry. The components of the particular log entry indicate an event. The event is associated with roles. Each role is associated with one or more attributes. Semantic meaning of the event associated with the particular log entry is determined. A mapping is performed by applying contextual information from one or more semantic meaning models stored in a knowledgebase to the identified components of each log entry to derive semantic meaning for the particular log entry. The derived semantic meaning is modeled for the particular log entry. The modeled semantic meaning is recorded in the knowledgebase as a new semantic meaning model for future use.
Claims (20 total; independent claims shown)
1. A computer-implemented method, comprising:
    accessing a log file including a plurality of log entries;
    analyzing each log entry of the plurality of log entries to identify components of each log entry, wherein the components of the particular log entry indicate an event, wherein the event is associated with roles, and wherein each role is associated with one or more attributes;
    determining semantic meaning of the event associated with the particular log entry, wherein a mapping is performed by applying contextual information from one or more semantic meaning models stored in a knowledgebase to the identified components of each log entry to derive semantic meaning for the particular log entry;
    modeling the derived semantic meaning for the particular log entry; and
    recording the modeled semantic meaning in the knowledgebase as a new semantic meaning model for future use.
    Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory, computer-readable medium storing computer-readable instructions, the instructions executable by a computer and configured to:
    access a log file including a plurality of log entries;
    analyze each log entry of the plurality of log entries to identify components of each log entry, wherein the components of the particular log entry indicate an event, wherein the event is associated with roles, and wherein each role is associated with one or more attributes;
    determine semantic meaning of the event associated with the particular log entry, wherein a mapping is performed by applying contextual information from one or more semantic meaning models stored in a knowledgebase to the identified components of each log entry to derive semantic meaning for the particular log entry;
    model the derived semantic meaning for the particular log entry; and
    record the modeled semantic meaning in the knowledgebase as a new semantic meaning model for future use.
    Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system, comprising:
    a memory;
    at least one hardware processor interoperably coupled with the memory and configured to:
        access a log file including a plurality of log entries;
        analyze each log entry of the plurality of log entries to identify components of each log entry, wherein the components of the particular log entry indicate an event, wherein the event is associated with roles, and wherein each role is associated with one or more attributes;
        determine semantic meaning of the event associated with the particular log entry, wherein a mapping is performed by applying contextual information from one or more semantic meaning models stored in a knowledgebase to the identified components of each log entry to derive semantic meaning for the particular log entry;
        model the derived semantic meaning for the particular log entry; and
        record the modeled semantic meaning in the knowledgebase as a new semantic meaning model for future use.
    Dependent claims: 16, 17, 18, 19, 20.
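The pipeline the abstract and the independent claims describe (parse each entry into components, treat the named parts as roles, attach attributes to each role from contextual information, map the entry through semantic meaning models held in a knowledgebase, and, for an entry no model explains, model it and record it as a new model for future use), as an added example in Python. This is illustrative code written for this page, not the patent's own implementation: the syslog-style sample lines, the CONTEXT values, the three seeded models, the key=value learning rule and the is_suspicious detection rule are all constructed assumptions. It goes one step beyond the text by showing detection logic written against the derived meaning rather than the raw line.

```python
# Added example (not the patent's code): a toy knowledgebase-driven semantic log interpreter
# mirroring the claimed pipeline; all names, patterns and sample data below are hypothetical.
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample entries (hypothetical syslog-style lines, not from the patent).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[4211]: Accepted publickey for alice from 10.0.0.5 port 51234
2024-03-01T10:00:07Z sshd[4211]: Failed password for root from 203.0.113.9 port 40022
2024-03-01T10:01:15Z gateway: user=bob action=download file=/finance/q1.xlsx
2024-03-01T10:02:30Z backup: job=nightly status=ok
2024-03-01T11:02:30Z backup: job=weekly status=failed
"""
# Contextual information the knowledgebase holds beside its models (hypothetical values).
CONTEXT = {"privileged_accounts": {"root", "admin"},
           "internal_networks": [ipaddress.ip_network("10.0.0.0/8")],
           "sensitive_paths": ("/finance/", "/hr/")}
# Components of one entry: timestamp, emitting process, message; body = process + message.
LINE_RE = re.compile(r"^(?P<timestamp>\S+)\s+(?P<body>(?P<process>[^\s:]+):\s(?P<message>.*))$")
KV_RE = re.compile(r"(\w+)=(\S+)")

@dataclass
class SemanticModel:
    name: str
    pattern: re.Pattern  # named groups are the roles of the event
    event: str           # event assigned to a matching entry
    meaning: str         # template filled from role values and their attributes ("<role>_kind")

def parse_components(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

class KnowledgeBase:
    def __init__(self, context):
        self.context = context
        self.models = [  # seeded semantic meaning models (hypothetical)
            SemanticModel("ssh_success", re.compile(r"sshd\[\d+\]: Accepted (?P<method>\w+) for "
                r"(?P<actor>\S+) from (?P<source>\S+) port (?P<port>\d+)"), "authentication_success",
                "{actor_kind} account {actor} authenticated via {method} from {source_kind} host {source}"),
            SemanticModel("ssh_failure", re.compile(r"sshd\[\d+\]: Failed (?P<method>\w+) for "
                r"(?P<actor>\S+) from (?P<source>\S+) port (?P<port>\d+)"), "authentication_failure",
                "{actor_kind} account {actor} failed authentication via {method} from {source_kind} host {source}"),
            SemanticModel("file_action", re.compile(r"gateway: user=(?P<actor>\S+) action=(?P<action>\w+) "
                r"file=(?P<target>\S+)"), "file_access",
                "{actor_kind} account {actor} performed {action} on {target_kind} file {target}"),
        ]

    def _kind(self, role, value):
        """Attribute of a role's value, derived from the stored contextual information."""
        if role == "actor":
            return "privileged" if value in self.context["privileged_accounts"] else "standard"
        if role == "source":
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                return "unresolved"
            return "internal" if any(ip in n for n in self.context["internal_networks"]) else "external"
        if role == "target":
            return "sensitive" if value.startswith(self.context["sensitive_paths"]) else "ordinary"
        return "literal"

    def learn(self, comps):
        """Model an unexplained key=value entry and record it as a new model for future use."""
        keys = [k for k, _ in KV_RE.findall(comps["message"])]
        if not keys:
            return None
        pattern = re.escape(comps["process"]) + ": " + " ".join(f"{k}=(?P<{k}>\\S+)" for k in keys)
        template = comps["process"] + " event: " + " ".join(f"{k}={{{k}}}" for k in keys)
        model = SemanticModel(f"learned_{comps['process']}_{'_'.join(keys)}", re.compile(pattern),
                              f"unclassified:{comps['process']}", template)
        self.models.append(model)
        return model

    def interpret(self, line):
        comps = parse_components(line)
        if comps is None:
            raise ValueError(f"unparseable entry: {line!r}")
        model = next((m for m in self.models if m.pattern.match(comps["body"])), None) or self.learn(comps)
        if model is None:  # neither a seeded nor a learnable shape: keep the raw body as its meaning
            return {"event": "unknown", "roles": {}, "meaning": comps["body"], "model": None}
        values = model.pattern.match(comps["body"]).groupdict()
        roles = {r: {"value": v, "kind": self._kind(r, v)} for r, v in values.items()}
        fmt = {**values, **{f"{r}_kind": a["kind"] for r, a in roles.items()}}
        return {"event": model.event, "roles": roles, "meaning": model.meaning.format(**fmt),
                "model": model.name}

def is_suspicious(interp):
    """Detection written against derived meaning (event, roles, attributes), not raw text."""
    r = interp["roles"]
    if interp["event"] == "authentication_failure":
        return r["actor"]["kind"] == "privileged" and r["source"]["kind"] == "external"
    if interp["event"] == "file_access":
        return r["target"]["kind"] == "sensitive" and r["action"]["value"] in ("delete", "download")
    return False

if __name__ == "__main__":
    kb = KnowledgeBase(CONTEXT)
    for entry in SAMPLE_LOG.splitlines():
        i = kb.interpret(entry)
        print(f"[{'ALERT' if is_suspicious(i) else 'ok'}] {i['event']}: {i['meaning']}")
    print("models in knowledgebase:", [m.name for m in kb.models])
```

The fourth sample line matches no seeded model, so learn() generalizes its key=value shape into a new model and appends it to the knowledgebase; the fifth line, which has the same shape, is then interpreted by that learned model without a second learning step. The attributes (privileged/standard, internal/external, sensitive/ordinary) come only from CONTEXT, which is what lets the detection rule stay stable while the raw log formats vary.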
Specification