Configuring SAP Enterprise Threat Detection
SAP Enterprise Threat Detection (ETD) is a HANA-based SAP solution that can monitor and correlate data from disparate SAP and non-SAP systems in the IT landscape, and hence can help manage exposure to internal and external threats. The business case behind this product and the solution brief can be found at the following link: SAP Enterprise Threat Detection – Security Monitoring – Data Breach Protection. This blog lists the components of the ETD solution and the integration between these components, and describes the configuration steps to be performed to make an ETD system ready for use.
Components: The ETD solution has 3 components
- HANA component (delivery unit that is imported into the HANA system).
- ESP component (Event stream processor), which acts as an interface between the HANA system and the target system from which logs are being collected.
- Target system component. The target can be an SAP or a non-SAP system (in this blog post, the target system is assumed to be an SAP ABAP system).
Configuration steps
Step 1: Importing the delivery unit
1. Import the delivery unit into your HANA system. (If you receive errors while importing the file, check the HANA version compatibility with the delivery unit, as the required HANA version can vary based on the SP level of the delivery unit.) HANA ALM can also be used for importing the delivery unit. The delivery unit to be imported is available on the SAP Service Marketplace.
Before the actual import, a simulation is performed, as shown below.
Step 2: Set up ESP and HANA Connectivity
The ESP projects enhance and enrich the content of the logs that are obtained from the target system.
Prerequisites: ESP should be installed. The installation process is fairly simple and details can be found on the ESP installation page. ESP can be installed on a Linux or a Windows machine. The configuration steps shown in this blog apply when ESP has been installed on a Windows instance.
Once ESP is installed, connectivity between the HANA system and SAP ESP can be set up; this is done via an ODBC connection.
a) Create ODBC connection
On the Windows machine (where ESP is installed), go to the Start menu, search for ODBC and choose “data sources”, as shown below.
Fill in the fields Data Source name and Description.
While creating the ODBC connection, copy the information from the “Additional Properties” section in HANA Studio. Full path:
HANA Studio => Server => Right click and Properties => Database User Logon => Additional Properties
Provide the user name and password for the HANA system and choose connect.
b) Create the Data Service
In the ESP studio, navigate to the data services view.
Select the server node and choose add ODBC service.
Right click and choose discover.
c) Importing ESP projects
ESP projects are delivered as part of the HANA delivery unit. Before importing the projects into the ESP studio, the esp folder must be checked out (as shown below), and the contents of the ESP folder (which also contains the ESP projects) must then be placed in a location that is accessible to the ESP studio.
Once the projects are accessible, they can be imported into the ESP studio as shown below. Files to be imported are transfer_log.zip and transfer_master_data.zip.
d) Start the SAP ESP web service provider
Use the esp_wsp.bat file, path C:\esp_rootpath\wsp\esp_wsp.bat
Step 3: Configure the Target system
ETD-related corrections and reports are delivered with SAP_BASIS 7.4 SP10. However, if upgrading to the required release and SP is not an option, individual notes can be applied manually. Once this prerequisite is met, the following steps are to be followed.
a) Configure report SECM_CONFIGURATION
Transaction SE38 => Program SECM_CONFIGURATION
In the SECM: Configuration report, navigate to the second tab and provide login details of the adm user of the NetWeaver system.
c) Transfer logs from ABAP system to ESP server
Execute report: SECM_LOG_2_ESP
In case there are issues, the following SQL queries can be executed to check whether logs have been pushed properly to the HANA system.
Log header: select * from "SAP_SEC_MON"."sap.secmon.db::Log.LogHeader"
Log detail: select * from "SAP_SEC_MON"."sap.secmon.db::Log.LogDetail"
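The check above can be scripted from the ESP host so that it also validates the ODBC data source from step 2a. The following is an added example, not part of the original post: it samples the row counts of both log tables twice and reports whether new rows arrived in between. The DSN name ETD_HANA and the 60-second wait are assumptions; the table names are the ones from the queries above.

```powershell
# Added example (not from the original post). Run in Windows PowerShell on the ESP host.
param(
    [string]$Dsn = 'ETD_HANA',   # assumed DSN name; use the one created in step 2a
    [int]$WaitSeconds = 60       # gap between the two samples
)
Add-Type -AssemblyName System.Data

# Table names exactly as in the verification queries above.
$tables = @(
    '"SAP_SEC_MON"."sap.secmon.db::Log.LogHeader"',
    '"SAP_SEC_MON"."sap.secmon.db::Log.LogDetail"'
)

function Get-RowCount {
    param($Connection, [string]$Table)
    $cmd = $Connection.CreateCommand()
    try {
        $cmd.CommandText = "select count(*) from $Table"
        return [long]$cmd.ExecuteScalar()
    }
    finally { $cmd.Dispose() }
}

# Prompt for the HANA user rather than storing a password in the script.
$cred = Get-Credential -Message 'HANA user with read access to SAP_SEC_MON'
$csb = New-Object System.Data.Odbc.OdbcConnectionStringBuilder
$csb['DSN'] = $Dsn
$csb['UID'] = $cred.UserName
$csb['PWD'] = $cred.GetNetworkCredential().Password

$conn = New-Object System.Data.Odbc.OdbcConnection($csb.ConnectionString)
try {
    $conn.Open()   # fails here if the DSN, driver or credentials are wrong
    $before = @{}
    foreach ($t in $tables) { $before[$t] = Get-RowCount $conn $t }
    Start-Sleep -Seconds $WaitSeconds
    foreach ($t in $tables) {
        $after = Get-RowCount $conn $t
        $delta = $after - $before[$t]
        $state = if ($delta -gt 0) { 'receiving' } else { 'no new rows' }
        '{0}: before={1} after={2} delta={3} [{4}]' -f $t, $before[$t], $after, $delta, $state
    }
}
finally { $conn.Dispose() }
```

A delta of zero is only meaningful if SECM_LOG_2_ESP ran on the target system during the wait and the system produced log entries in that window.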
To view the ETD home page, launch the url
Alerts can be browsed from the alerts section: Highlighted below
Can I install ESP and ETD in one server?
I think you mean whether you can install ESP on the same server on which HANA is installed (ETD is a deployable unit on HANA). The answer is yes.
Hi Expert,
We are just thinking about operating our own S/4 HANA on premise. Can we install HANA SDS and ETD on the HANA host (same host deployment)? I know that this isn't supported in production environments, but the reason for asking is, I am not sure how S/4 differs from a traditional HANA platform installation, or is it just the same HANA incl. a full SAP installation? Any technical restrictions you may know of which do not allow S/4, SDS and ETD on one host?
Thanks
Carsten
Anyone able to provide answer? Thanks
Hi Carsten, This seems similar to the question above and it boils down to compatibility of the ETD HANA deployable with the installed HANA revision. If ETD is co-deployed with S/4 HANA (or any other HANA application), there could be a conflict if another application requires a HANA revision with which ETD is incompatible. Details are in SAP note 2137018 - Compatibility information for SAP Enterprise Threat Detection support packages and SAP HANA revisions. Regards, Sharad
Hi Carsten,
is your question: SDS on the same server as the SAP HANA of SAP ETD
or
SAP ETD (HANA) on the same SAP HANA than S/4 HANA.
Regards
Matthias
Hi Matthias, second. The first question is already answered, as this is possible by the so-called same host deployment. If we would operate our own S/4 HANA, the question would be if ETD can just exist on the same SAP HANA (separate partition I guess). Sorry for asking, I am not the HANA expert and I was having a hard time finding any useful information about the recommendations, do's and don'ts. Would SAP recommend to operate own SAP HANA for ETD, is that a common use case? Regards, Carsten
Hi,
I would not run SAP ETD HANA on the same box as S/4 HANA.
It has to be on the white list which is not the case for MCOD/MCOS
S/4HANA On Premise System Architecture options
Per default you should not run SDS and SAP HANA/ETD on one box for productive environments.
http://help.sap.com/Download/Multimedia/zip-hana_options_sds/streaming_installation_update_guide.pdf
--> section 7
Technically it works; SAP cannot support such scenarios for productive environments.
You can install SAP HANA and SAP HANA smart data streaming each on a dedicated server (referred to as a dedicated host deployment) in a production environment. You can install SAP HANA and SAP HANA smart data streaming on the same server (referred to as a same host deployment) only in a nonproduction (test) environment.
Same host deployments, primarily designed for small, nonproduction environments, have one important limitation. All CPU and memory resources on the common host in a same host deployment are shared between SAP HANA and smart data streaming. There is no way to control how the resources are shared between products. This sharing of resources could have an impact on performance, the exact nature of which depends on system configuration and tasks performed.
Regards
Matthias
Hi,
Where do we download the delivery unit? Can someone provide me some information?
Thanks
Venkata