Enterprise Resource Planning Blogs by Members
Martin-Pankraz
Active Contributor

NEWS FEED

13.07.23 🎥Witness the Microsoft Security Copilot in action and follow an SAP environment breach with a weak password from initial entry to lateral movement within the SAP landscape.
06.07.23 📰SAP playbook for Audit Log Collector attack added, featuring multi-staged attacks😍
28.06.23 🧑🏽‍💻Detailed guidance for Logic Apps (Standard) added here.
22.05.23 📰SAP playbook for audit log re-enablement added

Dear community,

This blog series sheds light on the plug-and-play automation content available to act on suspicious🕵🏽‍♂️ activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.

Get started with the out-of-the-box scenarios below, based on Azure Logic Apps:

🔗 Part 1: Basic SAP User blocking (quickstart template). Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible
🔗 Part 2: Advanced SAP User blocking (enterprise grade). Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration
🔗 Part 3: SAP Audit Log re-enable. Automatically trigger re-activation of the SAP Audit Log if deactivated
🔗 Part 4: Sentinel Collector Agent attack (blinding the auditor scenario). Sophisticated scenario distinguishing between SAP maintenance events and malicious deactivation☠️ of the audit log ingestion into Sentinel using Azure Center for SAP Solutions (ACSS) health APIs❤️
🔗 Part 5: Next best scenario requested by you or shared by the community 😊

Find the equivalent for Azure Logic Apps (Standard) on our Azure GitHub repos with detailed guidance.

See the comparison between the two options here.

Supporting posts

Learn about modularizing flows and nesting for ease of maintenance:
Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks - Microsoft Community Hub
Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs
Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities

References

Microsoft Sentinel incident response playbooks for SAP | Microsoft Learn
SAP Certification reference: SAP Certified Solutions Directory | Microsoft Sentinel
Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn
Integrating Azure with SAP RISE managed workloads | Microsoft Learn
Microsoft Sentinel solution for SAP® applications - security content reference | Microsoft Learn
How to use Microsoft Sentinel's SOAR capabilities with SAP | TechCommunity
Azure-Sentinel/Solutions/SAP/Playbooks · Azure/Azure-Sentinel · GitHub

As always, feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.

Cheers
Martin
