SAP SIEM Integration with TrustWave, AccelOps, SolarWinds, BlackStratus SIEMStorm or Ticketing Systems such as ServiceNow and BMC Remedy
SAP SIEM connectivity with solutions such as TrustWave, AccelOps, SolarWinds, BlackStratus SIEMStorm and others, as well as with ticketing systems such as ServiceNow and BMC Remedy, can be accomplished with Enterprise Threat Monitor in a couple of steps.
ETM has over 300 SAP-specific threat detection cases built in, which include 0-day SAP attack signatures, common attacks such as using debugging on SAP to bypass authorizations, and compliance-related issues such as SAP account sharing or download of customer data.
Configuration of customer-specific Z* or Y* tables, SAP reports and transactions can be easily accomplished in the Enterprise Threat Monitor customizations wizard.
To connect SIEM solutions and ticketing systems with SAP security events, Enterprise Threat Monitor uses the native interfaces of SAP and analyzes the real-time SAP security events using its correlation engine. ETM then uses machine learning to eliminate false positives and noise.
The result is high-quality offense information in CEF, LEEF or generic syslog format, which is ready to be consumed by your SIEM solution or your ticketing system.
Use cases for SAP Security Monitoring with Enterprise Threat Monitor
Enterprise Threat Monitor has more than 300 high-quality threat monitoring cases preconfigured. These threat detection cases are professionally maintained and regularly updated. The updates are applied automatically, without requiring any manual intervention.
Some of the use cases are listed below:
- SAP debugging is misused for bypassing transaction authorizations
- An unauthorized user assigned a critical SAP role or profile to another user
- A user downloaded customer master data or a payroll list to their PC
- Sharing of SAP user accounts
- Failed logons of multiple SAP users originating from the same workstation
- A production SAP system is opened to modifications
- An HR-terminated employee’s SAP user account is used for connecting to an SAP system
Integration works as follows:
- Download Enterprise Threat Monitor:
- Follow the steps for connecting your SAP systems:
- Use the built-in SIEM wizard to add your SIEM system, such as McAfee SIEM
- For integrating with ServiceNow, Remedy, or internal ticketing systems, use the ETM Response Actions interface
- Send a test event
- DONE!
Detailed Steps:
The detailed steps are explained in the Enterprise Threat Monitor SAP Events Integration Guide for SIEM and ticketing systems. Please contact us to obtain a copy.