
Can SAP Logs be integrated with a SIEM tool like QRadar without SAP ETD or a third party software?

0 Kudos

We want to integrate our SIEM tool with SAP, but everything I am seeing states I need to either purchase ETD or another third party solution. I was wondering if anyone knows if the logs can be sent to QRadar without this and, if so, do you know of a link for implementing this type of solution.

Accepted Solutions (0)

Answers (1)


ivan-ae
Explorer
0 Kudos

Dear Michael,

You can surely integrate SAP security monitoring capabilities into your SIEM without additional tooling. Some SIEM providers do have extractors or provide connectors which can easily be fed from SAP. There are, however, major drawbacks:

* Volume: security audit log files, gateway logs, system logs, ... are often far too large to be shipped on a continuous basis.

* Correlation: Once you have built your data lake, you will face the effort to build use cases. Often singular events are harmless until correlated into an actual cross-platform attack pattern.

* Security relevance: The majority of all log sources contain data which simply is not security relevant. How to find the signal within all the noise?

* Coverage: lots of SAP security intelligence goes beyond processing plain logs. How would you alert on critical data extraction, identity theft, ...?

Best Regards, Ivan
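
The volume and security-relevance drawbacks listed in this answer can be reduced by filtering and aggregating before anything is shipped. The following is an added example, not code from the original post, SAP or IBM: it keeps only allowlisted Security Audit Log events, collapses repeats into one counted event and emits LEEF lines for QRadar. Assumptions: records are already parsed into dicts by an upstream reader, the message IDs (AU1, AU2, AU3, AUM) and their meanings are as given in the comment, the allowlist and the LEEF vendor/product/version header fields are hypothetical, and all sample records are constructed.

```python
from collections import Counter

# Assumed SAP Security Audit Log message IDs: AU1 logon successful,
# AU2 logon failed, AU3 transaction started, AUM user locked after failed logons.
RELEVANT_IDS = {"AU2", "AUM"}  # hypothetical allowlist; tune to your use cases


def clean(value):
    """Strip LEEF delimiters so a log value cannot inject extra attributes."""
    return str(value).replace("\t", " ").replace("\r", " ").replace("\n", " ")


def to_leef(msg_id, attrs):
    """Build one LEEF 1.0 line; vendor/product/version fields are constructed."""
    body = "\t".join(f"{key}={clean(val)}" for key, val in attrs.items())
    return f"LEEF:1.0|SAP|AuditLogFilter|1.0|{msg_id}|{body}"


def reduce_for_siem(records):
    """Drop non-allowlisted events and collapse repeats into one counted event."""
    counts, first_seen = Counter(), {}
    for rec in records:
        if rec["msg_id"] not in RELEVANT_IDS:
            continue
        key = (rec["msg_id"], rec["client"], rec["user"], rec["terminal"])
        counts[key] += 1
        first_seen.setdefault(key, rec["time"])
    return [
        to_leef(mid, {"firstSeen": first_seen[(mid, client, user, term)],
                      "sapClient": client, "usrName": user,
                      "terminal": term, "count": n})
        for (mid, client, user, term), n in counts.items()
    ]


# Constructed sample records (not real log data). The terminal value of the
# failed logons carries an embedded tab to show why clean() is needed.
BAD_TERM = "ws-044\tusrName=SYSTEM"
SAMPLE = [
    {"time": "2024-01-15 08:00:01", "msg_id": "AU1", "client": "100", "user": "JDOE", "terminal": "ws-017"},
    {"time": "2024-01-15 08:00:05", "msg_id": "AU3", "client": "100", "user": "JDOE", "terminal": "ws-017"},
    {"time": "2024-01-15 08:01:10", "msg_id": "AU2", "client": "100", "user": "BATCH01", "terminal": BAD_TERM},
    {"time": "2024-01-15 08:01:12", "msg_id": "AU2", "client": "100", "user": "BATCH01", "terminal": BAD_TERM},
    {"time": "2024-01-15 08:01:14", "msg_id": "AU2", "client": "100", "user": "BATCH01", "terminal": BAD_TERM},
    {"time": "2024-01-15 08:01:15", "msg_id": "AUM", "client": "100", "user": "BATCH01", "terminal": "ws-044"},
]

if __name__ == "__main__":
    for line in reduce_for_siem(SAMPLE):
        print(line)
```

Six input records become two forwarded events here; the correlation and coverage drawbacks still have to be handled in the SIEM itself.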