Skip to Content
Technical Articles
Author's profile photo Martin Pankraz

From zero to hero security coverage with Microsoft Sentinel for your critical SAP security signals – blog series

NEWS FEED

22.05.23 SAP playbook for audit log re-enablement added😍

Dear community,

This blog series sheds light on the plug-and-play automation content available to act on suspicious🕵🏽‍♂️ activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.

Get started with below out-of-the-box scenarios:

🔗Part 1Basic SAP User blocking (quickstart template) Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible
🔗Part 2Advanced SAP User blocking (enterprise grade) Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration
🔗Part 3SAP Audit Log re-enable

Automatically trigger re-activation of the SAP Auditlog if deactivated

 

🔗Part 4 – Next best scenario requested by you or shared by the community 😊

Supporting blog posts

Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs

Revolutionize your SAP Security with Microsoft Sentinel’s SOAR Capabilities

 

References

SAP Certified Solutions Directory | Microsoft Sentinel

Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn

Integrating Azure with SAP RISE managed workloads | Microsoft Learn

Microsoft Sentinel solution for SAP® applications – security content reference | Microsoft Learn

How to use Microsoft Sentinel’s SOAR capabilities with SAP | TechCommunity

 

As always feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.

 

Cheers

Martin

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.