KNOWLEDGE BASE IN ENTERPRISE THREAT DETECTION

KNOWLEDGE BASE IN ENTERPRISE THREAT DETECTION

A log file including a plurality of log entries is accessed. Each log entry of the plurality of log entries is analyzed to identify components of each log entry. The components of the particular log entry indicate an event. The event is associated with roles. Each role is associated with one or more...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Thomas Susan Marie, Seifert Hartwig, Al-Hujaj Omar Alexander, Pritzkau Eugen, Kunz Thomas, Merkel Rita, Mehta Harish, Carullo Lukas, Rodeck Marco
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A log file including a plurality of log entries is accessed. Each log entry of the plurality of log entries is analyzed to identify components of each log entry. The components of the particular log entry indicate an event. The event is associated with roles. Each role is associated with one or more attributes. Semantic meaning of the event associated with the particular log entry is determined. A mapping is performed by applying contextual information from one or more semantic meaning models stored in a knowledgebase to the identified components of each log entry to derive semantic meaning for the particular log entry. The derived semantic meaning is modeled for the particular log entry. The modeled semantic meaning is recorded in the knowledgebase as a new semantic meaning model for future use.