Abstract: A systems and methods are described detect fraud in existing logs of raw data. There can be several disparate logs, each including data of disparate data types and generated by different and possibly unrelated software enterprise applications. The fraud management system aggregates and organizes the raw log data, extends the raw data with reference data, archives the data in a manner that facilitates efficient access and processing of the data, allows for investigation of potentially fraudulent usage scenarios, and uses the results of the investigation to identify patterns of data that correspond to correspond to high risk usage scenarios and/or process steps. In subsequent processing, archived data can be compared against the identified patterns corresponding to high risk usage scenarios to detect matches, and the invention thereby automatically detects high risk usage scenarios and issues appropriate alerts and reports.

Abstract: A systems and methods are described detect fraud in existing logs of raw data. There can be several disparate logs, each including data of disparate data types and generated by different and possibly unrelated software enterprise applications. The fraud management system aggregates and organizes the raw log data, archives the data in a manner that facilitates efficient access and processing of the data, allows for investigation of potentially fraudulent usage scenarios, and uses the results of the investigation to identify patterns of data that correspond to correspond to high risk usage scenarios and/or process steps. In subsequent processing, archived data can be compared against the identified patterns corresponding to high risk usage scenarios to detect matches, and the invention thereby automatically detects high risk usage scenarios and issues appropriate alerts and reports.

Abstract: A method of instrumenting a software application includes tracing events associated with a usage scenario of the software application; pruning the traced events to produce a signature profile representative of a subset of the traced events, the subset being correlated with the usage scenario; and inserting tags corresponding to the signature profile into the software application for monitoring an additional usage scenario of the software application. Monitoring the additional usage scenario includes detecting a subset of the inserted tags. A further, optional, step of the method includes comparing the detected tags with the signature profile to determine whether a match exists between the usage scenario and the additional usage scenario. Optionally, the method generates a report containing information about the additional usage scenario, in particular information at the detected tags.