Microsoft Sentinel and SAP: How can these systems be leveraged to have continuous threat monitoring in SAP systems? How do you protect data security in SAP with this tool?
A recent but promising solution for Continuous Threat Monitoring management for SAP systems.
Microsoft Sentinel is a SIEM (security information and event management). We have talked about it on several occasions:
Microsoft then developed connectors and, more importantly, logic for analyzing the data collected from SAP systems within its SIEM solution.
Until February 2023 it could be used by everyone without a subscription (with Azure already active), because the solution, which Microsoft released recently, was in a trial period. The trial period was then extended (until April 30, 2023), but after that it will become pay-as-you-go. The pricing metric will probably be based on the traffic generated.
All customers who already have the Sentinel solution and SAP can activate it to start using this system.
Microsoft has already created a set of rules that can be activated within the solution.
In some cases, you can tune these rules through watchlists, or you can create new rules in Kusto Query Language (KQL).
It is important to remember that many of these rules rely on reading the data recorded in SAP via the Security Audit Log, which must therefore be active and configured.
Following the SAP and Microsoft guidance in this regard, there are the following important macro-steps:
Contact us if you would like to find out what we have done and how we have configured it in real business environments.