Microsoft Sentinel and SAP: How can these systems be leveraged to have continuous threat monitoring in SAP systems? How do you protect data security in SAP with this tool?
A recent but promising solution for Continuous Threat Monitoring management for SAP systems.
What is Microsoft Sentinel for SAP?
Microsoft Sentinel is a SIEM (security information and event management). We have talked about it on several occasions:
- SAP Cybersecurity - SAP Enterprise Threat Detection what is it?
- SAP Cyber Security for SMEs
- SIEM GDPR Compliance
Microsoft then developed connectors and, more importantly, a logic for analyzing the data collected by SAP systems within its SIEM solution.
Who can use it?
Until February 2023 it could be used by everyone without subscription (with Azure already active). In fact the solution, released by Microsoft recently, was on trial. Then the trial period was extended (until April 30, 2023), but after that it will become pay-as-you-go. Probably, the metric will be based on traffic generated.
All customers who already have the Sentinel solution and SAP, can activate it to start using this system.
Rules for Microsoft Sentinel for SAP
Microsoft has already created a set of rules that can be activated within the solution
In some cases, you can influence them through watchlists or you can create new ones through Kusto Query Language (KSQL).
It is important to remember that many of these rules rely on reading the data recorded in SAP via the Security Audi Log, which clearly must be active and configured.
hat are the steps to activate it?
Following the SAP and Microsoft guidance in this regard there are the following important macro-steps:
- Microsoft service activation
- Importing the packages released by Microsoft into SAP (via change request)
- Configuring the machine for sending logs
- Activation of out of the box (OOTB) rules or customization of own rules
Contact us if you would like to find out what we have done and how we have configured it in business realities.