SP03 brings some significant improvements to SAP Enterprise Threat Detection. A major focus was on throughput, performance, and sizing. A visible manifestation of this is the disappearance of the details table and the expansion of the header table. However, in this blog I am going to mention two functional features that stand out.

SIEM Integration

Many security operations have already invested heavily in one or other SIEM solution and are looking to SAP Enterprise Threat Detection to cover the SAP part of their landscape. Ideally, the two solutions should be able to exchange information about what is happening in the areas that they are covering. SAP Enterprise Threat Detection alerts can now be sent (pulled or pushed) in JSON format.

This topic will be covered in more detail in the April edition of SAPinsider magazine (now also here).

Semantic Attributes

This is a subject that deserves its own blog, so I will merely touch upon it here. In SP02 we introduced semantic events. Now we have semantic attributes, which complete the meaning of semantic events. Events, concepts, and the relationships between them are standardized. Consistent use of events and attributes across sources makes it easier to do cross-log analysis. The bubble diagram shown in the screenshot is a new way of displaying and quickly filtering the attributes in the forensic lab.
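As an added illustration of why standardized attributes matter for cross-log analysis, here is a small normalizer and correlation query. This is example code written for this post, not SAP code, and the attribute names, event names, source names, field mappings and log records in it are all constructed assumptions rather than SAP Enterprise Threat Detection's actual vocabulary. Two sources that log the same kinds of things under different field names and event codes are mapped onto one shared attribute set, after which a single query can follow a user across both logs.

```python
from collections import defaultdict

# Hypothetical semantic attribute vocabulary: "user", "terminal", "event",
# "timestamp". These are assumptions for the example, not SAP ETD's names.
# Each source maps its own raw field names onto the shared attributes.
FIELD_MAP = {
    "abap_audit": {"USER": "user", "TERMINAL": "terminal",
                   "EVENT_CODE": "event", "TIME": "timestamp"},
    "hana_audit": {"user_name": "user", "client_host": "terminal",
                   "action": "event", "time": "timestamp"},
}

# Constructed source-specific event codes mapped onto shared semantic events.
EVENT_MAP = {
    "abap_audit": {"LOGON_FAIL": "LogonFailed", "LOGON_OK": "LogonSucceeded",
                   "PROFILE_CHANGE": "PrivilegeChanged"},
    "hana_audit": {"LOGIN_FAILED": "LogonFailed", "LOGIN_OK": "LogonSucceeded",
                   "USER_GRANT": "PrivilegeChanged", "ROLE_GRANT": "PrivilegeChanged"},
}

# Constructed sample records (timestamps are plain epoch seconds).
RAW_RECORDS = [
    ("abap_audit", {"USER": "ALICE", "TERMINAL": "wks-01", "EVENT_CODE": "LOGON_FAIL", "TIME": 1000}),
    ("hana_audit", {"user_name": "alice", "client_host": "wks-01", "action": "USER_GRANT", "time": 1100}),
    ("abap_audit", {"USER": "BOB", "TERMINAL": "wks-02", "EVENT_CODE": "LOGON_OK", "TIME": 1000}),
    ("hana_audit", {"user_name": "bob", "client_host": "wks-02", "action": "ROLE_GRANT", "time": 1050}),
    ("hana_audit", {"user_name": "carol", "client_host": "wks-03", "action": "LOGIN_FAILED", "time": 2000}),
    ("abap_audit", {"USER": "CAROL", "TERMINAL": "wks-03", "EVENT_CODE": "PROFILE_CHANGE", "TIME": 2900}),
]


def normalize(source, raw):
    """Map one raw record onto the shared semantic attributes."""
    sem = {"source": source}
    for raw_key, attr in FIELD_MAP[source].items():
        if raw_key in raw:
            sem[attr] = raw[raw_key]
    # The sources differ in case; canonicalise so one person joins across logs.
    sem["user"] = sem["user"].upper()
    # Unknown codes are kept visible as "Unknown" rather than silently dropped.
    sem["event"] = EVENT_MAP[source].get(sem["event"], "Unknown")
    return sem


def normalize_all(records=RAW_RECORDS):
    return [normalize(src, raw) for src, raw in records]


def failed_logon_then_privilege_change(events, max_gap=300):
    """Cross-log query: a failed logon followed within max_gap seconds by a
    privilege change for the same user, regardless of which source logged which.
    Returns (user, source of the failure, source of the change) tuples."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    hits = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["timestamp"])
        for i, fail in enumerate(evs):
            if fail["event"] != "LogonFailed":
                continue
            for later in evs[i + 1:]:
                if (later["event"] == "PrivilegeChanged"
                        and later["timestamp"] - fail["timestamp"] <= max_gap):
                    hits.append((user, fail["source"], later["source"]))
                    break
    return hits


if __name__ == "__main__":
    for hit in failed_logon_then_privilege_change(normalize_all()):
        print(hit)
```

On the constructed records only ALICE matches: the failure is in one source and the grant in the other, which is exactly the join that is awkward when each source keeps its own field names and codes. CAROL's two events are in the same shape but 900 seconds apart, so the time window excludes them.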

[Animated screenshot: BubbleGraph.gif, the bubble diagram for filtering semantic attributes in the forensic lab]

Relevant SAP Notes

2192334 – Release Note SAP Enterprise Threat Detection 1.0 SP03
