Standard metadata model for analyzing events with fraud, attack, or any other malicious background
Abstract
A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.
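The mapping, connection and search steps described in the abstract can be sketched as follows. This is an added example, not code from the patent; the system names (`web_gateway`, `erp_backend`), the raw field names, the standardized attribute names and the log records are all constructed assumptions.

```python
# Added illustration: metadata entities map each system's raw log fields to standardized attributes.
METADATA_ENTITIES = {
    "web_gateway": {"usr": "user_id", "src": "source_ip", "ts": "timestamp", "uri": "resource"},
    "erp_backend": {"account": "account_name", "client_addr": "terminal_ip",
                    "time": "timestamp", "tcode": "action"},
}

# Connected metadata (stands in for the central repository): pairs of standardized
# attributes in different systems that denote the same real-world thing.
CONNECTED_METADATA = [
    (("web_gateway", "user_id"), ("erp_backend", "account_name")),
    (("web_gateway", "source_ip"), ("erp_backend", "terminal_ip")),
]

def normalize(system, raw):
    """Map one raw log record to standardized attributes; unmapped fields are dropped."""
    mapping = METADATA_ENTITIES[system]
    event = {std: raw[field] for field, std in mapping.items() if field in raw}
    event["system"] = system
    return event

def connected_attributes(system, target):
    """Yield (attr_in_system, attr_in_target) pairs, following links in either direction."""
    for a, b in CONNECTED_METADATA:
        if a[0] == system and b[0] == target:
            yield a[1], b[1]
        elif b[0] == system and a[0] == target:
            yield b[1], a[1]

def search_related(selected, target, store):
    """Return target-system events sharing a connected attribute value with `selected`."""
    links = list(connected_attributes(selected["system"], target))
    hits = []
    for event in store:
        if event["system"] != target:
            continue
        matched = [dst for src, dst in links
                   if src in selected and event.get(dst) == selected[src]]
        if matched:
            hits.append((event, matched))
    return hits

# Constructed sample log data for two systems.
STORE = [
    normalize("web_gateway", {"usr": "jdoe", "src": "198.51.100.7", "ts": "2024-01-05T10:00:00Z", "uri": "/login"}),
    normalize("erp_backend", {"account": "jdoe", "client_addr": "10.0.0.4", "time": "2024-01-05T10:01:10Z", "tcode": "PAY01"}),
    normalize("erp_backend", {"account": "asmith", "client_addr": "198.51.100.7", "time": "2024-01-05T10:02:30Z", "tcode": "USR02"}),
    normalize("erp_backend", {"account": "bkim", "client_addr": "10.0.0.9", "time": "2024-01-05T10:03:00Z", "tcode": "RPT10"}),
]
```

Calling `search_related(STORE[0], "erp_backend", STORE)` starts from the selected gateway access event and returns the back-end events that share its user or its source address, together with the connected attribute that matched.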
15 Claims
1. A method comprising:
- storing, by at least one data processor, log data for each of a plurality of computing systems;
- mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
- defining, by at least one data processor, a standard metadata model for the plurality of computing systems;
- associating, by at least one data processor, one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
- storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems;
- for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
- analyzing, by at least one data processor, a first graphical representation of one or more results of the searching.

Dependent claims: 2, 3, 4, 5
6. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
- storing log data for each of a plurality of computing systems;
- mapping the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
- defining a standard metadata model for the plurality of computing systems;
- associating one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
- storing the connected metadata in a central repository accessible by each of the plurality of computing systems;
- for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
- analyzing a first graphical representation of one or more results of the searching.

Dependent claims: 7, 8, 9, 10
11. A system comprising:
- at least one programmable processor; and
- a non-transitory machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations comprising:
  - store log data for each of a plurality of computing systems;
  - map the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  - define a standard metadata model for the plurality of computing systems;
  - associate one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
  - store the connected metadata in a central repository accessible by each of the plurality of computing systems;
  - for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, search the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
  - analyzing a first graphical representation of one or more results of the searching.

Dependent claims: 12, 13, 14, 15
Specification