Support package 06 brings lots of new features. Since the forensic lab is the key tool in SAP Enterprise Threat Detection, improvements there are usually worth a mention. This support package includes several improvements involving operators, which are important for pattern development.
- The threshold in a pattern can now use =, >, <, <=, or >=. The default >= is the behavior that you will be familiar with.
- Value lists now allow the operators EQUALS, LIKE, and LIKE_REGEXPR. EQUALS is preferable on performance grounds, though.
- In filter paths, the relationship between subsets can now be OR, shown by a chain symbol. This is useful for cross-role filtering, for example – see screenshot below.
Relevant SAP Notes
2517276 – Release Note SAP Enterprise Threat Detection 1.0 SP06 PL00