System and method of fraud and misuse detection using event logs
First Claim
1. A method of detecting improper access of business information in a customer relationship management (CRM) computer environment, the method comprising:
- analyzing audit log data representing at least one of transactions or activities of an authorized user having access to the business information in the CRM computer environment, the business information including at least one of a customer record or a prospective customer record, to determine at least one of a number of accesses by the authorized user to the CRM computer environment or a time interval of access by the authorized user to the CRM computer environment;
generating a rule for monitoring the analyzed audit log data, the rule comprising at least one criterion specifying at least one of a specific volume threshold of access by the authorized user to the CRM computer environment, or a predetermined time interval of access by the authorized user to the CRM computer environment;
applying the rule to the analyzed audit log data to determine if an event has occurred, the event occurring if at least one of the number of accesses by the authorized user to the CRM computer environment exceeds an allowed access count corresponding to the specific volume threshold or the time interval of access by the authorized user to the CRM computer environment overlaps the predetermined time interval;
storing, in a memory, a hit if the event has occurred; and
providing notification if the event has occurred.
5 Assignments
0 Petitions
Accused Products
Abstract
A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored in the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
38 Citations
30 Claims
-
1. A method of detecting improper access of business information in a customer relationship management (CRM) computer environment, the method comprising:
-
analyzing audit log data representing at least one of transactions or activities of an authorized user having access to the business information in the CRM computer environment, the business information including at least one of a customer record or a prospective customer record, to determine at least one of a number of accesses by the authorized user to the CRM computer environment or a time interval of access by the authorized user to the CRM computer environment; generating a rule for monitoring the analyzed audit log data, the rule comprising at least one criterion specifying at least one of a specific volume threshold of access by the authorized user to the CRM computer environment, or a predetermined time interval of access by the authorized user to the CRM computer environment; applying the rule to the analyzed audit log data to determine if an event has occurred, the event occurring if at least one of the number of accesses by the authorized user to the CRM computer environment exceeds an allowed access count corresponding to the specific volume threshold or the time interval of access by the authorized user to the CRM computer environment overlaps the predetermined time interval; storing, in a memory, a hit if the event has occurred; and providing notification if the event has occurred. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable medium with computer-executable instructions embodied thereon for performing a method of detecting improper access of business information in a customer relationship management (CRM) computer environment, the method comprising:
-
analyzing audit log data representing at least one of transactions or activities of an authorized user having access to the business information in the CRM computer environment, the business information including at least one of a customer record or a prospective customer record, to determine at least one of a number of accesses by the authorized user to the CRM computer environment or a time interval of access by the authorized user to the CRM computer environment; providing a selection of at least one criterion specifying a specific volume threshold of access by an authorized user to the CRM computer environment, or a pre-determined time interval of access by the authorized user to the CRM computer environment; providing a selection for a schedule for application of a rule to the analyzed audit log data; applying the rule to the analyzed audit log data according to the selected schedule to determine if at least one of the number of accesses by the authorized user to the CRM computer environment exceeds an allowed access count corresponding to the specific volume threshold or the time interval of access by the authorized user to the CRM computer environment overlaps the predetermined time interval; storing a hit if the event has occurred; and providing a notification if the event has occurred. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A system for detecting improper access of business information in a customer relationship management (CRM) computer environment, the system comprising:
-
a user interface for selection of at least one criterion specifying a specific volume threshold of access by an authorized user to the CRM computer environment, or a pre-determined time interval of access by the authorized user to the CRM computer environment, the authorized user having a predefined role comprising authorized computer access to the business information, and for selection of a schedule for application of a rule for monitoring the audit log date; a microprocessor in communication with the user interface and having access to the audit log data, the microprocessor generating the rule based at least in part on the at least one criterion selected and applying the rule to the audit log data according to the schedule selected in order to determine if an event has occurred, wherein the event occurs if the at least one criterion has been met, wherein the microprocessor stores a hit if the event has occurred, wherein the microprocessor provides notification if the event has occurred, and wherein the microprocessor generates a compilation of hits related to the rule.
-
-
21. A method of detecting improper access of a pre-identified record in a customer relationship management (CRM) computer environment, the method comprising:
-
applying a rule for monitoring audit log data to determine if an event has occurred, the event occurring if at least one criterion has been met, the at least one criterion specifying a specific volume threshold of access by an authorized user to the CRM computer environment, or a pre-determined time interval of access by the authorized user to the CRM computer environment, the rule comprising the at least one criterion related to access of a pre-identified record, that is indicative of improper access of the pre-identified record by a authorized user, the authorized user having a pre-defined role comprising authorized computer access to the pre-identified record; storing, in a memory, a hit if the event has occurred; and providing notification if the event has occurred. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification