Skip to Content
Product Information
Author's profile photo Arndt Lingscheid

Support Package 4 of SAP Enterprise Threat Detection 2.0


Cyber attacks on the application layer of SAP S/4HANA systems are getting more and more popular.

When we look at the news, we see new cyber-attacks almost every day. 20 years back cyber attacks on SAP Systems were very rare. A company running SAP software had a very closed IT environment and SAP systems were hardly recognized by attackers. Due to the digital transformation, SAP systems nowadays often are internet facing, located in the cloud, or in a hybrid environment and thousands of people and processes are accessing or interacting with such an SAP system. In addition, compliance requirements are also increasing dramatically and companies often struggle to meet all audit requirements.


We are happy to announce that we have launched the Support Package 4 of SAP Enterprise Threat Detection 2.0.


SAP Enterprise Threat Detection is a SIEM solution tailored to the market needs of SAP business applications giving transparency in real-time.

The solution runs patterns and applies algorithms and statistical analysis to detect meaningful anomalies related to suspicious (user) events, correlation of events, even over time, and anomalies in user behavior that indicate potential threats and fraud.

Forensic analysis and threat hunting can be performed based on all data stored in the SAP HANA database and analysis results are provided in real time.

In a scale-out environment, HANA can keep log volumes of up to several hundred billion log events in-memory while returning query results within a few seconds down to under a second.


What is new within this release?


  • The System Monitoring has been enhanced with an additional Security Note Patch Risk Score per System. Customers get an overview about all security critical aspects of SAP S/4HANA Systems in their landscape, like the Business Risk Score (How critical is it if the system is attacked?) the Business Attack Score (Is the system currently under attack?) and (NEW!) the Patch Risk Score (Is the system patched with security notes?) This as well shows the CVSS score for each missing security patch in a system).
    The score combination draws the attention directly to the most critical systems in the landscape.More detailed information can be found in this blog post.
  • The new Support Package 4 provides now support for ‘HANA DB Native Storage Extension (NSE)’ as a new Warm Data Storage solution, replacing ‘HANA Dynamic Tiering’. NSE provides High Performance Access to Warm Data, and at the same time it is possible to reduce the HANA DB Memory to rather small sizes of HANA Memory Consumption. The data Retention Time can be separately configured for Hot, Warm and Cold Storage.
  • Support Package 4 now also supports additional Log Data from the SAP systems (HTTP Client Log) and from the standalone Web Dispatcher (HTTP Client and Server Log), which enhances the list of Logs to 12 coming out of SAP S4H systems.
  • The additional Web Browser Microsoft Edge (Chromium based) is now additionally supported together with Google Browser and Firefox
  • Several improvements were additionally delivered, e.g. provisioning of embedded online help for ETD Patterns, or an improved usability for the Anomaly Detection Lab and many more.


Next steps:

To find all related details about the new release, please follow me to the SAP Help Portal. Here you can also find all the required technical instructions and files for the upgrade. I hope you enjoy working with the new version of SAP Enterprise Threat Detection.




P.S.: Save trees: please do not print out your application logs.


Please do not hesitate to contact us if you have any questions,


Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Uwe Klein
      Uwe Klein

      Dear Arndt,

      as you mention " SAP systems are in the cloud".  The  so called "Out-of-the-box integration of SAP Cloud Platform Audit Log " is available since June 2019.

      When do you plan to deliver also patterns for cloud applications like SAP BTP Audit log ?