SAP Application Log Analysis pilot dataset

A CSV file prepared from application logs stemming from an SAP BI Warehouse system. This realistic dataset was generated as a means to showcase the SAP pilot use-case of the TOREADOR project. Each line corresponds to a user action. Extid, object and subobject were extracted from the BI system logs, along with the user name and event date. Role was retrieved from the standard user actions Label indicates whether the event is benign or malign - Elevation_of_privileges is an event the user should not be able to perform within the boundaries of his role. Priv_abuse is about a privileged account performing an action breaching a confidentiality clause (e.g. an administrator reading sensitive data). Forgotten_user is about a user who stayed inactive for a long time before being used again (e.g. an employee who left the company where the account was not terminated). Records where no malign activity was detected were marked 'benign'. Outbushours was computed from the time of the action, and mapped to 'inside' or 'outside' business hours.