New and updated attack detection patterns with SAP Enterprise Threat Detection 2.0 and SAP security notes
SAP regularly releases security notes for newly known vulnerabilities on Security Patch Day.
With SAP Enterprise Threat Detection (ETD), SAP offers timely updates of attack detection patterns that help safeguard you against attempts to exploit unpatched systems.
The focus is on newly released and older critical security notes, covering both ABAP and non-ABAP (e.g. HANA, Java).
The attack detection patterns are made available to customers as SAP ETD content packages on the SAP Service Marketplace.
Update August 09 2019:
New content package for SAP Enterprise Threat Detection available on SAP Service Marketplace
New patterns for SAP HANA audit logging, for instance to alert on the (accidental or deliberate) deactivation of SAP HANA audit logging functionality (category: critical change of system configuration).
When is it planned to deliver patterns for SAP BTP Audit Logs?
We expect the already existing patterns for SAL (ABAP Sec. Audit Logs) to also be valid for security-related SAP BTP Audit Logs. But indeed, SAP BTP Audit Logs do not provide sufficient information for successful security analysis. If you have particular attack scenarios you would like to elaborate, please e-mail me, so we could try together to persuade BTP application/framework components to provide the needed security-related information via logs.
If you already have log examples for which you would like to have patterns, please send them to me too.
Do let me know how to connect with you regarding pattern issues which I am facing while trying to configure new patterns.
I am facing challenges while trying to configure Gateway Log, Change Document and Business Transaction Log event type patterns in my environment. I cannot find a way to define or identify event codes related to these event types.
Please create a ticket on component BC-SEC-ETD to contact our support for pattern configuration of the above logs.