Pattern creation in enterprise threat detection

Assignee

• SAP SE · DE

Inventors

• Eugen Pritzkau · Wiesloch, DE
• Joscha Philipp Bohn · Heidelberg, DE
• Daniel Kartmann · Oftersheim, DE
• Wei-Guo Peng · Dallau, DE
• Hristina Dinkova · Schallstadt, DE
• Lin Luo · Sugar Land, US
• Thomas Kunz · Neckargemünd, DE
• Marco Rodeck · Maikammer, DE
• Hartwig Seifert · Elchesheim-Illingen, DE
• Harish Mehta · Wiesenbach, DE
• Nan Zhang · San Diego, US
• Rita Merkel · Ilvesheim, DE
• Florian Chrosziel · St. Leon-Rot, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F16/3344
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Search results are received from an initiated free text search of log data from one or more logs, where the free text is performed using search terms entered into a free text search graphical user interface. A set of at least one search result is selected from the search results containing an event desired to be identified in a completed enterprise threat detection (ETD) pattern. A forensic lab application is rendered to complete an ETD pattern. An event filter is added for an event type based on normalized log data to a path. A relative ETD pattern time range is set and an ETD pattern is completed based on the added event filter.