Jun 15 2020 02:34 AM - last edited on Dec 23 2021 10:13 AM by TechCommunityAP
Hi everyone, does anyone know if there is a Sentinel integration guide for SAP? I have not found anything yet.
Thx
Jun 15 2020 07:46 AM
Have you looked at this? https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-syslog-cef-logstash-and-other-3... There are some SAP instructions, note it also says: "requires a SAP account".
Oct 13 2020 07:52 AM
@Garfield-P Download the SAP-SIEM Integration guide from Layer7: https://layersevensecurity.com/whitepapers/ I've also attached it to this thread.
Dec 03 2020 03:01 PM
@SAP-SIEM_Guru Is a SAP to Sentinel connector available? Or can we leverage Solution Manager?
Dec 03 2020 03:46 PM
@Amit-Lal You don't need a connector. SolMan will output alerts to a log file in the SolMan host. You just need to create a custom log data source in Azure to ingest the file. Based on Azure requirements, the output can be formatted in SolMan to start each entry in the log with a timestamp in a supported format. The default file format is UTF-8. This is also supported by Azure. See https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
Dec 03 2020 03:55 PM
@SAP-SIEM_Guru Thanks for your response. Just looking for SAP Audit and DB logs fetched on Azure Sentinel using the syslog connector; that is possible too, right?
Dec 03 2020 04:06 PM
@Amit-Lal Yes, the file can be converted to syslog. DB logs can also be monitored by SolMan and included in the output to Azure. This includes HANA.
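
The two requirements named in the thread (UTF-8 file, each entry starting with a timestamp) and the file-to-syslog conversion, sketched as an added example that is not part of any post and is not SAP or Microsoft code. The entry layout, the `YYYY-MM-DD HH:MM:SS` timestamp format, the host and app names, the facility/severity values and the UTC assumption are all hypothetical.

```python
import re
from datetime import datetime, timezone

# Assumption: every entry starts with "YYYY-MM-DD HH:MM:SS"; this prefix is
# what marks the start of a new record in the file.
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")

def split_entries(raw: bytes):
    """Decode strictly as UTF-8 and group lines into (timestamp, message) entries."""
    text = raw.decode("utf-8")  # raises UnicodeDecodeError on any other encoding
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = TS.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append([ts, m.group(2)])
        elif not line.strip():
            continue
        elif entries:
            # Continuation line: keep it inside the same record.
            entries[-1][1] += " " + line.strip()
        else:
            raise ValueError(f"line {n}: text before the first timestamp")
    return [(ts, msg) for ts, msg in entries]

def to_syslog(ts, msg, host="solman-host", app="solman", facility=13, severity=5):
    """Format one entry as a single RFC 5424 line (timestamps assumed UTC)."""
    pri = facility * 8 + severity
    stamp = ts.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Replace control characters so one alert can never span two syslog records.
    clean = "".join(c if c.isprintable() else " " for c in msg)
    return f"<{pri}>1 {stamp} {host} {app} - - - {clean}"

# Constructed sample, not real SolMan output.
SAMPLE = (
    "2020-12-03 15:46:02 ALERT system=PRD check=audit_log status=RED\n"
    "  detail: constructed continuation line\n"
    "2020-12-03 15:47:10 ALERT system=HDB check=db_audit status=YELLOW\n"
).encode("utf-8")

def convert(raw: bytes):
    return [to_syslog(ts, msg) for ts, msg in split_entries(raw)]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

A file in another encoding, or one with text before the first timestamp, raises an error here instead of producing records that are split in the wrong place.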