SAP Enterprise Threat Detection

Hi everyone,

I have a few questions about Enterprise Threat Detection. Is there a contact person that can help me?

The most important questions are: How much time does it need for implementation, and what prerequisites are needed (a special server, or can it be implemented on any Windows/Linux server)?

How is data forwarded into Splunk?

Is UBA and machine learning available?

And is it possible to update it automatically or still manual?

How is the licensing model working? Does one pay per SID or user?

And is there 24/7 support / German support available?

Thx a lot,

Mary

Accepted Solutions (0)

Answers (2)

zbasilio
Member

Hi Mary,

You may not need ETD if you're running SolMan in your landscape. SolMan can act as a middleware for event monitoring between your SAP systems and Splunk. SolMan's Monitoring and Alerting infrastructure (MAI) can connect directly to SAP logs and detect Indicators of Compromise (IOCs). Security alerts are generated by MAI and written to an external file that is periodically pushed to Splunk by OS command. This approach doesn't require any additional hardware or software.

Let me know if you need further details. I'd be glad to help.

Regards,

Zarah

jona_hassforther
Explorer

Hi Mary,

Thank you for your message.
Regarding your questions:

1. How much time does it need for implementation, what prerequisites are needed (special server or can it be implemented on any Windows/Linux server)?

The time needed for the implementation depends on the scope and requirements you want to cover with SAP Enterprise Threat Detection (SAP ETD), e.g. the number and type of systems you want to monitor with SAP ETD, the setup regarding high-availability requirements, etc. SAP ETD is a native SAP HANA application and therefore can be implemented on servers supported by SAP HANA.

2. How is data forwarded into Splunk?

SAP ETD supports the so-called Alert Publishing API, which allows you to push or pull the alerts from SAP ETD to external systems such as Splunk. For more details see our implementation guide for Alert Publishing.

3. Is UBA and machine learning available?

SAP ETD supports the so-called Anomaly Detection, which allows you to analyse and detect anomalous behaviour of e.g. users or systems. You can make use of Anomaly Detection Patterns delivered with the tool and/or you can even create your own ones observing specific activities in your system landscape. For more information see our documentation for Anomaly Detection.

Further SAP ETD supports the detection of malicious domain calls. For more information, please see our documentation for Detection of Malicious Domains.

4. And is it possible to update it automatically or still manual?

The above-mentioned functionalities automatically calculate and adapt the reference data for usual behaviour based on the individual activities in your system landscape. Manual fine-tuning might be needed when making use of these functionalities.

5. How is the licensing model working? Does one pay per SID or user?

SAP ETD as an on-premise product requires a perpetual license and allows you to license and pay for the number of users you need to monitor. For more information, please contact your SAP account executive.

6. And is there 24/7 support / German support available?

Standard SAP product support is given. SAP ETD Development is located in Germany.

Here are further links:

Please feel free to contact me directly, if you need further details regarding SAP ETD.

Kind regards,
Jona