Standard metadata model for analyzing events with fraud, attack, or any other malicious background

US 9,876,809 B2
Filed: 11/10/2015
Issued: 01/23/2018
Est. Priority Date: 11/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by at least one data processor, log data for each of a plurality of computing systems;

mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;

defining, by at least one data processor, a standard metadata model for the plurality of computing systems;

associating, by at least one data processor, one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;

storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems;

for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and

analyzing, by at least one data processor, a first graphical representation of one or more results of the searching.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.

19 Citations

View as Search Results

15 Claims

1. A method comprising:
- storing, by at least one data processor, log data for each of a plurality of computing systems;
  
  mapping, by at least one data processor, the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  defining, by at least one data processor, a standard metadata model for the plurality of computing systems;
  
  associating, by at least one data processor, one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
  
  storing, by at least one data processor, the connected metadata in a central repository accessible by each of the plurality of computing systems;
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching, by at least one data processor, the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
  
  analyzing, by at least one data processor, a first graphical representation of one or more results of the searching.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method in accordance with claim 1, wherein the standardized attributes include user identification data.
  - 3. The method in accordance with claim 1, wherein the selected access event is a user-initiated access to the first computing system.
  - 4. The method in accordance with claim 3, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 5. The method in accordance with claim 1, further comprising generating, by at least one data processor, a second graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

6. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
- storing log data for each of a plurality of computing systems;
  
  mapping the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  defining a standard metadata model for the plurality of computing systems;
  
  associating one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
  
  storing the connected metadata in a central repository accessible by each of the plurality of computing systems;
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, searching the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
  
  analyzing a first graphical representation of one or more results of the searching.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product in accordance with claim 6, wherein the standardized attributes include user identification data.
  - 8. The computer program product in accordance with claim 6, wherein the selected access event is a user-initiated access to the first computing system.
  - 9. The computer program product in accordance with claim 8, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 10. The computer program product in accordance with claim 6, wherein the operations further comprise generating a second graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

11. A system comprising:
- at least one programmable processor; and
  
  a non-transitory machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations comprising;
  
  store log data for each of a plurality of computing systems;
  
  map the log data of each computing system to standardized attributes based on metadata entities defined for each of the plurality of computing systems;
  
  define a standard metadata model for the plurality of computing systems;
  
  associate one or more standardized attributes of a first computing system of the plurality of computing systems with one or more standardized attributes of a second computing system of the plurality of computing systems to define connected metadata that connects the one or more standardized attributes of the first computing system and the one or more standardized attributes of the second computing system;
  
  store the connected metadata in a central repository accessible by each of the plurality of computing systems;
  
  for a selected access event to the first computing system, the selected access event generating the log data related to the first computing system, search the standardized attributes associated with the log data of at least the second of the plurality of computing systems via the connected metadata stored in the central repository; and
  
  analyzing a first graphical representation of one or more results of the searching.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system in accordance with claim 11, wherein the standardized attributes include user identification data.
  - 13. The system in accordance with claim 11, wherein the selected access event is a user-initiated access to the first computing system.
  - 14. The system in accordance with claim 13, wherein the log data generated by the selected access event includes user identification data and timestamp data.
  - 15. The system in accordance with claim 11, wherein the operations further comprise generating a second graphical representation of the standardized attributes associated with the log data of at least the second of the plurality of computing systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Nos, Kathrin
Primary Examiner(s)
Shepperd, Eric W

Application Number

US14/937,794
Publication Number

US 20170134408A1
Time in Patent Office

805 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Standard metadata model for analyzing events with fraud, attack, or any other malicious background

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Standard metadata model for analyzing events with fraud, attack, or any other malicious background

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links