Technology Blogs by SAP

SAP Enterprise Threat Detection (ETD) is a HANA-based SAP solution that can monitor and correlate data from disparate SAP and non-SAP systems in the IT landscape, and hence can help manage exposure to internal and external threats. The business case behind this product and the solution brief can be found at the following link: SAP Enterprise Threat Detection - Security Monitoring - Data Breach Protection. This blog lists the components of the ETD solution, explains the integration between these components, and describes the configuration steps to be performed to make an ETD system ready for use.

Components: The ETD solution has 3 components

  1. HANA component (delivery unit that is imported into the HANA system).
  2. ESP component (Event Stream Processor), which acts as an interface between the HANA system and the target system from which logs are being collected.
  3. Target system component. The target can be an SAP or a non-SAP system. (In this blog post, the target system is assumed to be an SAP ABAP system.)

Configuration steps


Step 1: Importing the delivery unit

1. Import the delivery unit into your HANA system. (If you receive errors while importing the file, check the HANA version compatibility with the delivery unit, as the required HANA version can vary based on the SP level of the delivery unit.) HANA ALM can also be used for importing the delivery unit. The delivery unit to be imported is available on the SAP Service Marketplace.


Before the actual import a simulation is performed, as shown below.

Step 2: Set up ESP and HANA Connectivity


The ESP projects enhance and enrich the content of the logs that are obtained from the target system.

Prerequisites: ESP should be installed. The installation process is fairly simple and details can be found on the ESP installation page. ESP can be installed on a Linux or a Windows machine. The configuration steps shown in this blog apply when ESP has been installed on a Windows instance.

Once ESP is installed, connectivity between the HANA system and SAP ESP can be set up via an ODBC connection.


a) Create ODBC connection

    On the Windows machine (where ESP is installed), go to the Start menu, search for ODBC and choose "data sources" as shown below.

Fill in the fields Data Source Name and Description.

While creating the ODBC connection, copy the information from the “Additional Properties” section in HANA Studio. Full path:

HANA Studio => Server => Right click and Properties => Database User Logon => Additional Properties

Provide the user name and password for the HANA system and choose Connect.

b) Create the Data Service

    In ESP Studio, navigate to the Data Services view.

Select the server node and choose to add an ODBC service.

Right-click and choose Discover.

   


c) Importing ESP projects

ESP projects are delivered as part of the HANA delivery unit. Before importing the projects into ESP Studio, the esp folder must be checked out (as shown below), and the contents of the esp folder (which also contains the ESP projects) must be placed in a location that is accessible to ESP Studio.

Once the projects are accessible, they can be imported into ESP Studio as shown below. The files to be imported are transfer_log.zip and transfer_master_data.zip.

d) Start the SAP ESP web service provider

Use the esp_wsp.bat file, path C:\esp_rootpath\wsp\esp_wsp.bat

Step 3: Configure the target system


ETD-related corrections and reports are delivered with SAP_BASIS 7.4 SP10. However, if upgrading to the required release and SP is not an option, individual notes can be applied manually. Once this prerequisite is met, the following steps are to be followed.


a) Configure report SECM_CONFIGURATION

     Transaction SE38 => Program SECM_CONFIGURATION

In the SECM: Configuration report, navigate to the second tab and provide the login details of the adm user of the NetWeaver system.

c) Transfer logs from ABAP system to ESP server

      Execute report: SECM_LOG_2_ESP

In case there are issues, the following SQL queries can be executed to check whether logs have been pushed properly to the HANA system.

Log header: select * from "SAP_SEC_MON"."sap.secmon.db::Log.LogHeader"

Log detail: select * from "SAP_SEC_MON"."sap.secmon.db::Log.LogDetail"
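The two checks above can be scripted so that row counts are compared before and after SECM_LOG_2_ESP runs, which also catches a pipeline that has silently stopped delivering logs. This is an added example, not part of the original post or of SAP's code; the function names, the before/after comparison and the in-memory SQLite stand-in (used only so the script runs offline) are assumptions.

```python
import sqlite3

# Table names exactly as given in the post.
TABLES = {
    "header": '"SAP_SEC_MON"."sap.secmon.db::Log.LogHeader"',
    "detail": '"SAP_SEC_MON"."sap.secmon.db::Log.LogDetail"',
}

def row_counts(conn):
    """Return {'header': n, 'detail': n} for any DB-API connection.
    Against HANA, conn would come from an ODBC driver (assumption)."""
    cur = conn.cursor()
    counts = {}
    for name, table in TABLES.items():
        cur.execute(f"select count(*) from {table}")
        counts[name] = cur.fetchone()[0]
    return counts

def assess(before, after):
    """Compare counts sampled before and after a SECM_LOG_2_ESP run.
    An empty result means new rows arrived in both tables."""
    findings = []
    for name in TABLES:
        if after[name] == 0:
            findings.append(f"{name}: table is empty, nothing has reached HANA")
        elif after[name] <= before[name]:
            findings.append(f"{name}: no new rows since last check ({after[name]})")
    return findings

def standin_db():
    """Constructed SQLite stand-in for the HANA schema (offline demo only).
    The single Id column is made up; the real tables have their own layout."""
    conn = sqlite3.connect(":memory:")
    conn.execute("attach database ':memory:' as SAP_SEC_MON")
    for table in TABLES.values():
        conn.execute(f"create table {table} (Id integer)")
    return conn

if __name__ == "__main__":
    conn = standin_db()
    before = row_counts(conn)
    # Simulate one log record arriving through ESP.
    conn.execute(f"insert into {TABLES['header']} values (1)")
    conn.execute(f"insert into {TABLES['detail']} values (1)")
    print(assess(before, row_counts(conn)) or "logs are arriving")
```
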

To view the ETD home page, launch the URL

http://<hostname>:<port>/sap/hana/uis/clients/ushell-app/shells/fiori/FioriLaunchpad.html?sap-langua...

Alerts can be browsed from the alerts section, highlighted below.