Patent · US Active

Location enrichment in enterprise threat detection

US10542016B2 · kind B2 · utility

0 Cited by
59 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Aug 31, 2016
Grant date: Jan 21, 2020
Priority date
Expiry date: Dec 27, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04W12/63
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Subnet information and location information are received from a database by a smart data streaming engine (SDS). A particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value. Log event data received in the SDS is normalized as normalized log event data. The normalized log event data is enriched with subnet and location information as enriched log event data and written into a log event persistence in the database. A subnet ID value retrieved from an enriched log event of the enriched log event data is used by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using a location ID value associated with the subnet ID.
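The flow in the abstract (normalize, enrich with subnet and location IDs, then resolve the location from the subnet ID on the detection side) can be sketched as follows. This is an added illustration, not code from the patent: the table contents, field names, `key=value` log format and the longest-prefix matching rule for overlapping subnets are all assumptions.

```python
import ipaddress

# Constructed reference data standing in for the database tables.
SUBNETS = [  # (subnet_id, cidr, location_id)
    ("SN-1", "10.0.0.0/8", "LOC-HQ"),
    ("SN-2", "10.20.0.0/16", "LOC-BRANCH"),
    ("SN-3", "192.168.50.0/24", "LOC-LAB"),
]
LOCATIONS = {"LOC-HQ": "Headquarters", "LOC-BRANCH": "Branch office",
             "LOC-LAB": "Test lab"}

def build_index(subnets):
    """Parse CIDRs once; most-specific first, so the first hit is the longest prefix."""
    parsed = [(ipaddress.ip_network(cidr), sid, loc) for sid, cidr, loc in subnets]
    return sorted(parsed, key=lambda e: e[0].prefixlen, reverse=True)

def normalize(raw):
    """Map a raw 'key=value' log line onto fixed field names (hypothetical schema)."""
    fields = dict(part.split("=", 1) for part in raw.split())
    return {"timestamp": fields.get("ts"), "user": fields.get("user"),
            "source_ip": fields.get("src"), "action": fields.get("act")}

def enrich(event, index):
    """Attach subnet_id and location_id; both stay None when no subnet matches."""
    enriched = dict(event, subnet_id=None, location_id=None)
    try:
        addr = ipaddress.ip_address(event["source_ip"])
    except (ValueError, TypeError):
        return enriched  # malformed or missing address: keep the event, unenriched
    for net, sid, loc in index:
        if addr.version == net.version and addr in net:
            enriched.update(subnet_id=sid, location_id=loc)
            break
    return enriched

def location_for_subnet(subnet_id, subnets=SUBNETS, locations=LOCATIONS):
    """Detection-side lookup: subnet ID -> location ID -> location record."""
    loc_by_subnet = {sid: loc for sid, _, loc in subnets}
    return locations.get(loc_by_subnet.get(subnet_id))

if __name__ == "__main__":
    raw = "ts=2016-08-31T10:00:00Z user=alice src=10.20.5.7 act=login"  # constructed
    event = enrich(normalize(raw), build_index(SUBNETS))
    print(event, "->", location_for_subnet(event["subnet_id"]))
```

Events whose source address is malformed or falls outside every known subnet are kept with empty enrichment fields rather than dropped, so they remain available to detection rules.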

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.