Real-time push API for log events in enterprise threat detection
First Claim
1. A computer-implemented method, comprising:
receiving a log entry at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system, wherein a kernel log writing component of the backend computing system calls the real-time push API associated with the backend computing system to transmit the log entry to the streaming component of the ETD system when the log entry is written into the kernel log writing component of the backend computing system;
parsing the log entry using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system;
transferring the mapped data to an ETD streaming project for enrichment;
enriching the mapped data as enriched data; and
writing, using the streaming component, the enriched data into a database associated with the ETD system.
Abstract
A log entry is received at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system. The received log entry is parsed using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system. The mapped data is transferred to an ETD streaming project and enriched. The streaming component writes the enriched data into a database associated with the ETD system.
Citations: 200
Claims (20)
1. A computer-implemented method (independent claim; full text as given under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
receiving a log entry at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system, wherein a kernel log writing component of the backend computing system calls the real-time push API associated with the backend computing system to transmit the log entry to the streaming component of the ETD system when the log entry is written into the kernel log writing component of the backend computing system;
parsing the log entry using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system;
transferring the mapped data to an ETD streaming project for enrichment;
enriching the mapped data as enriched data; and
writing, using the streaming component, the enriched data into a database associated with the ETD system.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer-implemented system, comprising:
a computer memory; and
a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising:
receiving a log entry at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system, wherein a kernel log writing component of the backend computing system calls the real-time push API associated with the backend computing system to transmit the log entry to the streaming component of the ETD system when the log entry is written into the kernel log writing component of the backend computing system;
parsing the log entry using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system;
transferring the mapped data to an ETD streaming project for enrichment;
enriching the mapped data as enriched data; and
writing, using the streaming component, the enriched data into a database associated with the ETD system.
Dependent claims: 16, 17, 18, 19, 20.
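The pipeline the abstract and the independent claims describe (a kernel-side log writer that calls a push API at write time; a streaming component that parses the entry with a runtime parser, hands the mapped data to a streaming project for enrichment, and writes the result to the ETD database), as an added Python example. This is not the patent's or the assignee's code. The key=value log format, the class names, the SYSTEM_CATALOG enrichment lookup, the ETDEvent field set and the quarantine table are assumptions chosen for illustration, and the sample log lines are constructed. The example adds one check a practitioner would want that the claims do not spell out: because the push API makes every backend a direct writer into the detection store, an entry the runtime parser cannot map is quarantined with its reason rather than discarded.

```python
import json
import sqlite3
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample input in an assumed key=value audit format (not from the patent).
RAW_LOG_LINES = [
    "ts=2024-03-01T10:15:02Z sys=ERP01 user=jdoe event=LOGIN result=FAIL ip=10.0.0.5",
    "ts=2024-03-01T10:15:04Z sys=ERP01 user=jdoe event=LOGIN result=FAIL ip=10.0.0.5",
    "ts=2024-03-01T10:15:30Z sys=ERP01 user=admin event=ROLE_CHANGE target=jdoe role=ADMIN_ALL",
    "this line is not key=value data",  # malformed on purpose
]

# Assumed enrichment source: system id -> landscape metadata.
SYSTEM_CATALOG = {"ERP01": {"landscape": "prod", "criticality": "high"}}


@dataclass
class ETDEvent:  # assumed normalized "ETD format" for one mapped log entry
    timestamp: str
    system_id: str
    user: Optional[str]
    event_type: str
    outcome: Optional[str]
    attributes: Dict[str, str] = field(default_factory=dict)
    enrichment: Dict[str, str] = field(default_factory=dict)
    raw: str = ""


class RuntimeParser:
    """Maps one raw entry to an ETDEvent; raises ValueError for anything it cannot map."""
    def parse(self, raw: str) -> ETDEvent:
        fields: Dict[str, str] = {}
        for token in raw.split():
            if "=" not in token:
                raise ValueError(f"token without '=': {token!r}")
            key, value = token.split("=", 1)
            fields[key] = value
        for required in ("ts", "sys", "event"):
            if required not in fields:
                raise ValueError(f"missing required field {required!r}")
        # Strict timestamp check: a bad source timestamp must not silently break ordering.
        datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
        core = {"ts", "sys", "user", "event", "result"}
        return ETDEvent(
            timestamp=fields["ts"], system_id=fields["sys"], user=fields.get("user"),
            event_type=fields["event"], outcome=fields.get("result"),
            attributes={k: v for k, v in fields.items() if k not in core}, raw=raw)


class StreamingProject:
    """Enrichment stage (the 'ETD streaming project' of the claims)."""
    def enrich(self, ev: ETDEvent) -> ETDEvent:
        meta = SYSTEM_CATALOG.get(ev.system_id, {"landscape": "unknown", "criticality": "unknown"})
        ev.enrichment.update(meta)
        return ev


class StreamingComponent:
    """ETD-side receiver: parse -> enrich -> write, with a quarantine for unparsable input."""
    def __init__(self, db: sqlite3.Connection):
        self.db, self.parser, self.project = db, RuntimeParser(), StreamingProject()
        db.execute("CREATE TABLE etd_events (ts TEXT, system_id TEXT, user TEXT, event_type TEXT,"
                   " outcome TEXT, attributes TEXT, enrichment TEXT, raw TEXT)")
        db.execute("CREATE TABLE etd_quarantine (reason TEXT, raw TEXT)")

    def receive(self, raw: str) -> bool:
        """Endpoint the push API delivers to. Returns True if the entry was stored as an event."""
        try:
            ev = self.parser.parse(raw)
        except ValueError as exc:
            # Never drop silently: a corrupted or hostile line is itself evidence.
            self.db.execute("INSERT INTO etd_quarantine VALUES (?, ?)", (str(exc), raw))
            return False
        ev = self.project.enrich(ev)
        self.db.execute(
            "INSERT INTO etd_events VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (ev.timestamp, ev.system_id, ev.user, ev.event_type, ev.outcome,
             json.dumps(ev.attributes, sort_keys=True), json.dumps(ev.enrichment, sort_keys=True), ev.raw))
        return True


class KernelLogWriter:
    """Backend-side writer: persists the entry locally, then pushes the same entry at write time."""
    def __init__(self, push_api: Callable[[str], bool]):
        self.local_log: List[str] = []
        self.push_api = push_api

    def write(self, raw: str) -> None:
        self.local_log.append(raw)  # the backend's own log stays authoritative
        self.push_api(raw)          # push on write: no polling interval, no batch delay


def run_pipeline(lines: List[str]) -> Tuple[List[tuple], List[tuple]]:
    # writer -> push API -> streaming component -> database; returns (event rows, quarantine rows)
    db = sqlite3.connect(":memory:")
    component = StreamingComponent(db)
    writer = KernelLogWriter(push_api=component.receive)
    for line in lines:
        writer.write(line)
    return (db.execute("SELECT * FROM etd_events ORDER BY ts").fetchall(),
            db.execute("SELECT * FROM etd_quarantine").fetchall())
```

Running run_pipeline(RAW_LOG_LINES) stores three enriched events and quarantines the malformed fourth line with the parser's reason. Two things the example deliberately leaves out, and a deployment cannot: the push API must authenticate the calling backend, and the receiver must bound entry size and rate, since the push path makes each monitored backend a direct writer into the detection database.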
Specification