Forum Discussion

Garfield-P's avatar
Garfield-P
Copper Contributor
Jun 15, 2020

SAP to Sentinel?

Hi everyone, does anyone know if there is a sentinel integration guide for sap? i have not found anything yet.   Thx  
Log Data
SAP-SIEM_Guru's avatar
SAP-SIEM_Guru
Copper Contributor
Dec 03, 2020

Amit-Lal You don't need a connector. SolMan will output alerts to a log file in the SolMan host. You just need to create a custom log data source in Azure to ingest the file. Based on Azure requirements, the output can be formatted in SolMan to start each entry in the log with a timestamp in a supported format. The default file format is UTF-8. This is also supported by Azure. See https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

Amit-Lal's avatar
Amit-Lal
Icon for Microsoft rankMicrosoft
Dec 03, 2020

SAP-SIEM_Guru Thanks for your response. Just looking for SAP Audit and DB logs fetched on Azure Sentinel using syslog connector, that is possible too right?

  • SAP-SIEM_Guru's avatar
    SAP-SIEM_Guru
    Copper Contributor
    Dec 04, 2020

    Amit-Lal Yes, the file can be converted to syslog. DB logs can also be monitored by SolMan and included in the output to Azure. This includes HANA

Resources