With Content Delivery Package 4, we introduce a new category of use cases for SAP Enterprise Threat Detection called ETD self defense.
The delivered new workspaces and patterns for this category are designed to help you keep the operation of SAP Enterprise Threat Detection secure by monitoring accidental or deliberate modification to productive ETD content.
This includes the following patterns:
A pattern to test whether alerting is working. A function test on active alerts is run every 15 minutes. For this pattern, we recommend creating a custom tile on the SAP Enterprise Threat Detection launchpad. For more information, see Creating a Custom Tile for the Pattern ‘Alerting Test 15min’.
A pattern to issue an alert if any of your security content is deleted.
Patterns to issue an alert if any malicious activity is detected on the underlying SAP HANA database (such as access to the user data, which is monitored to prevent depseudonymization, and tampering with the record of action by means of database tools).
A pattern to issue an alert if the system detects changes to the whitelist containing the ETD Technical Database user.
The table below presents an overview of the patterns in the latest content package and which use case, or attack scenario, they apply to.