Skip to Content
Author's profile photo Susan Marie Thomas

SAP Enterprise Threat Detection: Semantic Events and Attributes


SAP Enterprise Threat Detection is a product that enables you to detect cyber-threats to your IT landscape.

This blog contains a series of videos that explain how Semantic Events and Attributes are crucial to this functionality.

As an alternative to viewing the videos you can follow the textual links to slides and accompanying text that convey the same information as the videos.

There is also a playlist containing all the videos.

Session One: The purpose of Semantic Events and Attributes

Session One gives answers to two main questions:

  1. What are the goals that motivate Semantic Events and Attributes?
  2. How do Semantic Events and Attributes meet these goals?

A key idea introduced in Session One is normalization.

Session Two: Semantic Events and Attributes: What problems do they solve?

Session Two introduces some important problems with software logs, problems that are solved by Semantic Events and Attributes.

By the end of the session, I hope that you see software logs in an entirely different light, and are sensitive to their limitations and defects.

Session Two also introduces the idea of the roles that systems play in an event. In this context ‘system’ is a broad concept including SAP systems, machines, and network nodes.

Session Three: System Roles and Attributes

Session Three covers the following topics:

  • A review of the three system roles seen so far
  • An introduction to attribute naming and attribute groups
  • An overview of the attributes used to identify a system and software on it.
  • The introduction of two more system roles: intermediary and reporter, for a total of five system roles
  • An overview of Semantic Attribute groups
  • And, finally, some words on performance and consistency

Session Four: User Attributes

Session Four is about the roles that users can play in events.

But, first a misconception about users and machines needs to be recognized and cleared up.

Then a more accurate conception is adopted based on the concepts:

  • User account domain
  • User role
  • Pseudonym, person and account.

Session Five: Trigger Roles

Session Five focuses on triggers.

  • What are they?
  • What roles do they have?

Session Six is an upcoming session about Semantic Events in the Knowledge Base and in Log Learning. It will cover how Semantic Events are represented in the Knowledge Base, and how they are used in Log Learning.Log Learning finds the types of log entries in a set of instances, so that you can assign a Semantic Event to each type that is found. Log Learning also helps you map the variables from a type to Semantic Attributes.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Shashikanth Yadiyapur
      Shashikanth Yadiyapur

      Hello Susan

      I see the Video are not available

      Can you please upload or share the links of the Video



      Author's profile photo Susan Marie Thomas
      Susan Marie Thomas
      Blog Post Author

      Hello Shashikanth,

      I am very sorry that due to some policy of removing videos after some time, the videos are not available. I am working with the ETD product group to see if we can get them back.

      If you have specific questions you may schedule a call with me.

      best regards,