Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

Abstract: A first Event is identified from a normalized log persistency layer, where the first Event is associated with an attack on a computing system. A plurality of Events are fetched from the normalized log persistency layer, where each fetched Event correlates with its neighboring fetched Event by at least one correlation attribute, and each of the fetched Event and the first Event are presented on a graphical user interface as a chain of events. A workspace is generated, where the workspace comprises a series of attack paths, where each attack path corresponds to one Event in the chain of events. An ETD pattern is created based on the attack paths in the workspace.

Abstract: A computer-implemented method receives a program code and a signature associated with the program code from a database persistency associated with an enterprise threat detection (ETD) system. The received program code is associated with a configuration check, and the configuration check is developed at a development computing system and can collect information associated with a computing system. The received program code and the signature associated with the program code is distributed to a plurality of computing systems that are monitored by the ETD system. At least one configuration check result is received, and the configuration check result is generated by executing the program code on the computing system. The at least one configuration check result then transmitted to the database persistence, and the at least one result is displayed on a database graphical user interface (GUI) associated with the database persistency.

Abstract: A first Event is identified from a normalized log persistency layer, where the first Event is associated with an attack on a computing system. A plurality of Events are fetched from the normalized log persistency layer, where each fetched Event correlates with its neighboring fetched Event by at least one correlation attribute, and each of the fetched Event and the first Event are presented on a graphical user interface as a chain of events. A workspace is generated, where the workspace comprises a series of attack paths, where each attack path corresponds to one Event in the chain of events. An ETD pattern is created based on the attack paths in the workspace.