Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.

Abstract: A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.

Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.

Abstract: A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.

Abstract: Threat detection in a multi-organizational environment. Attribute data corresponding to accesses to a multi-organizational environment and entity data corresponding to accesses to the multi-organizational environment are maintained. A graph based on the attribute data and the entity data where graph edges represent a relationship between an attribute and an entity is generated. Subsequent access are compared to the graph to determine if the subsequent access corresponds to a new relationship. The subsequent access is allowed if the subsequent access does not correspond to a new relationship. The subsequent access further analyzed if the subsequent access corresponds to a new, unexpected relationship.

Abstract: Threat detection in a multi-organizational environment. Attribute data corresponding to accesses to a multi-organizational environment and entity data corresponding to accesses to the multi-organizational environment are maintained. A graph based on the attribute data and the entity data where graph edges represent a relationship between an attribute and an entity is generated. Subsequent access are compared to the graph to determine if the subsequent access corresponds to a new relationship. The subsequent access is allowed if the subsequent access does not correspond to a new relationship. The subsequent access further analyzed if the subsequent access corresponds to a new, unexpected relationship.

Abstract: Methods and systems are provided for associating objects in a database. An exemplary method involves identifying one or more objects in the database that are likely to be related to a first object in the database that is based on data obtained from a local application associated with a user and displaying the identified objects on a client device associated with the user. In exemplary embodiments, the identified objects are displayed in response to selection of a graphical user interface element enabling indication of a second object from among the one or more objects, wherein the first object is associated with the second object in the database after receiving indication of the second object. In one or more exemplary embodiments, the database is a multi-tenant database in a multi-tenant system providing instances of a virtual application to multiple tenants.

Abstract: Methods and systems are provided for associating objects in a database. An exemplary method involves identifying one or more objects in the database that are likely to be related to a first object in the database that is based on data obtained from a local application associated with a user and displaying the identified objects on a client device associated with the user. In exemplary embodiments, the identified objects are displayed in response to selection of a graphical user interface element enabling indication of a second object from among the one or more objects, wherein the first object is associated with the second object in the database after receiving indication of the second object. In one or more exemplary embodiments, the database is a multi-tenant database in a multi-tenant system providing instances of a virtual application to multiple tenants.