Sap has come up with a nice and user friendly tool called “RSECNOTE” which helps clients / security administrators to simply identify the necessary notes which are critical for them.

Need:  Hackers are targeting Sap since a while and no of attacks has increased in recent years. Though Clients are protected at highest level of security using different levels (SAP security can be provided at 6 levels. They are Operating system, Database, Application, Web Connection, Communication, and Presentation). Sap always publishes security information through newsletters and e-mails customers directly to bring their attention. To make this more transparent and easy a new option has been created in Service market place called “Security contact”. However, if customer wants to know what are the notes relevant for their system it’s not an easy task and administrators need to keep on check notes in service market place for respective components. As per my experience, many clients are not even checking for notes.

To bridge this gap, Sap has come up with tool “RSECNOTE”. Customer at any point of time can run this report and get list of notes required for their system and take decisions depending on the criticality and severity.  This in turn included in early watch reports as well. In this blog, I will explain on how to use this tool and get benefited from it.

Check the note 888889 for up to date information and available releases.

1.   Go to transaction SA38/SE38 and enter report “RSECNOTE” or go to ST13 and enter component name as “RSECNOTE”

SA38/SE38

             ST13

The report checks connection to SAPnet and updates the note information. It only provides the latest notes which are applicable based on the basis / support pack level you are on. i.e. All notes which are already updated with support pack installation or with any other method not shown here.

2.   The below screen shot shows you output of the report which respective notes which need to be implemented / already implemented.

3.    Customer’s / security administrators need to identify the required notes which need to be implemented. Notes with red status (components which are not installed , even I don’t know why SAP shows them if they are not installed. May be they suspect it as needed)can be set to green by clicking on the status button.  You can find these type of notes under section “Manually confirmed recommendations”

The best thing here is you can change the status back if you need.

4.   After successful implementation of note using SNote or by importing support packs which has those notes, the status will be set to Green by the tool

Since I have started positing in SDN, learned a lot and SDN keeps me motivated. Knowledge sharing is the key for one to know better about themselves and technology. I have found some of the old bloggers and moderators provide SAP note #’s just like that. Surprised 🙂 and especially Julius who keeps on provide information regarding hot /critical security notes. By inspiring from them, I have started to keep on checking for notes in Sap market place (though not every day). The note 888889 which is a source for this blog came to notice while reading a forum post. Thanks to all the forum members.