SP07 includes numerous new and enhanced features for business and technical users of Enterprise Threat Detection.
Special attention was given to usability (alert and investigation handling, search capabilities, templates), technical flexibility (scalability, partitioning, configuration) and intelligent log learning.
In addition, further integration with partners and SDS projects/adapters is provided.
Further information on product direction and planning is provided by the roadmap, which can be accessed using the following link.
Picture 1: Launchpad provides an overview of ETD applications and features by user role.
Picture 2: Automated updating of value lists from external sources.
Picture 3: Managing event storage and partitioning configuration.
Picture 4: Bubble Gram showing data distribution and filling level.
What’s New in SAP Enterprise Threat Detection 1.0 SP07
- Enhanced scalability
- Enhanced alert handling
- Search for specific alerts
- Handling of concurrent changes
- Enhanced investigation handling
- Investigation template app
- Search for specific investigations
- Add customizable attributes
- Add new states
- Enhanced partitioning handling
- Configuration of partition distribution
- Configuration of partition size
- Enhanced forensic investigation
- Download normalized and original data (as CSV, ZIP or JSON)
- Workspace Lifecycle Management (versioning, renaming, etc.)
- Add customizable attributes
- Enhanced value lists
- Dynamic filling of lists from external sources
- Enhanced log learning
- Custom identifier aka “Regex Brancher” (use regex to identify a certain log message)
- Handling of new key/value formats
- Windows Event Parser (text + XML)
- Allow multiple semi-colons as separator in structured list
- Support of optional regex groups in custom regex
- Improved error handling (“no match”, locking, etc.)
- Implementation of new security concept
- Refined privileges
- New roles (Auditor, SecExpert, LogLearner, etc.)
- Enhanced ABAP extractors
- Packaging (log data & master data)
- Report configuration handling (set/get parameters, navigations, etc.)
- Improved error handling
- Integration with partners
- SDS projects/adapters
- Kafka subscriber (RTParser can read any Kafka topic for incoming log data)
- Splunk subscriber (RTParser can read any Splunk installation for incoming log data)
- Database subscriber (RTParser can read any DBMS table for incoming log data)
- RTParser supports multiple UDP, TCP and TLS ports
- TLS receiver of syslogs now supports X.509 client certificate validation
- RTParser heartbeats shown as indicators in forensic lab to indicate whether log collector / log pre-processor is alive
- Automatic restart of parsing threads in case of severe errors
- Avoid out of memory exceptions in RTParser by introducing a limit of the internal queue sizes depending on the available main memory
- General RTParser performance improvements
- General RTParser improvements regarding tracing/logging
Relevant SAP Notes
2408213 – Release Note SAP Enterprise Threat Detection 1.0 SP05 PL01
2137018 – Compatibility information for SAP Enterprise Threat Detection support packages and SAP HANA revisions