Threat Monitoring Cases – Enterprise Threat Monitor

Enterprise Threat Monitor comes preconfigured with hundreds of SAP specific attack detection and compliance violation rules including those that monitor for unauthorized access to critical data, exploitation of vulnerable SAP functions, malicious usage of debug privileges, and unauthorized creation of users.


Detecting SAP attack patterns

Sample SAP Attack Detection Use Cases

  • SAP debugging is used for bypassing transaction authorizations
  • A malicious SAP transport is imported
  • An unauthorized user assigned a critical SAP role to another user
  • An operating system command is executed using SAP functions


Detecting compliance violations

Sample SAP Compliance Use Cases

  • An SAP system is opened to changes
  • An HR terminated employee’s SAP account is used for connecting to an SAP system
  • Account sharing is detected
  • An incompliant security configuration is detected

Security Configuration

Detecting unintended changes

Sample SAP Security Configuration Monitoring Use Cases

  • Security configuration is changed
  • System modification settings are changed
  • A system configuration parameter is setup insecurely
  • A critical transaction is unlocked