Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: SaaS security configurations distribution and management are disclosed, including: providing first software as a service (SaaS) security configurations for a first organization that are applicable to the first organization based at least in part on first attributes of the first organization, wherein the first SaaS security configurations trigger first security actions upon detection of first relevant events; providing second SaaS security configurations for a second organization that are applicable to the second organization based at least in part on second attributes of the second organization, wherein the second SaaS security configurations trigger second security actions upon detection of second relevant events; and selectively presenting, at a user interface, at least a portion of the second SaaS security configurations that is applicable to the first organization based at least in part on the first attributes of the first organization.

Abstract: Bridging between source applications and authorization systems is disclosed, including: monitoring an update across a set of source application servers; translating the update into a synthetic message using source application information associated with the set of source application servers and an attribute associated with a target authorization system; and sending the synthetic message to the target authorization system, wherein the target authorization system is configured to instruct an authorization action to be performed at one or more of the set of source application servers.

Abstract: Bridging between source applications and authorization systems is disclosed, including: monitoring an update across a set of source application servers; translating the update into a synthetic message using source application information associated with the set of source application servers and an attribute associated with a target authorization system; and sending the synthetic message to the target authorization system, wherein the target authorization system is configured to instruct an authorization action to be performed at one or more of the set of source application servers.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: SaaS security configurations distribution and management are disclosed, including: providing first software as a service (SaaS) security configurations for a first organization that are applicable to the first organization based at least in part on first attributes of the first organization, wherein the first SaaS security configurations trigger first security actions upon detection of first relevant events; providing second SaaS security configurations for a second organization that are applicable to the second organization based at least in part on second attributes of the second organization, wherein the second SaaS security configurations trigger second security actions upon detection of second relevant events; and selectively presenting, at a user interface, at least a portion of the second SaaS security configurations that is applicable to the first organization based at least in part on the first attributes of the first organization.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: Remediation of detected configuration violations is disclosed, including: detecting a violation associated with a configuration at a data source server; providing a remediation corresponding to the violation; and storing an audit log that includes one or more events associated with the remediation corresponding to the violation.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: A computer system analyzes the state of a computer system to determine whether that state violates one or more security goals from a particular perspective, such as a particular user account or role. The system takes into account a combination of access rights, permissions, and entitlements to determine whether the state of the computer system violates any of the security goals. In response to determining that at least one of the security goals is violated, the computer system may change the state of the computer system so that it no longer violates the security goals, or prevent the computer system from being put into that state.

Abstract: A computer system analyzes the state of a computer system to determine whether that state violates one or more security goals from a particular perspective, such as a particular user account or role. The system takes into account a combination of access rights, permissions, and entitlements to determine whether the state of the computer system violates any of the security goals. In response to determining that at least one of the security goals is violated, the computer system may change the state of the computer system so that it no longer violates the security goals, or prevent the computer system from being put into that state.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, a method includes receiving an accepted security assessment agreement from a user, where the security assessment agreement is associated with a software application utilized in an online services system. The method also includes receiving configuration data associated with the software application; receiving scanning data associated with the software application; and sending the configuration data and scanning data to one or more security assessment systems.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, the method includes receiving a list of target data for a report; and generating fields in the report. The method also includes populating the fields with composite information; receiving a command to execute the report; fetching the target data using the composite information; and populating the report with the target data.