| Feature | Description |
|---|---|
| Collecting security events and context information | Collect security-related information from your system landscape |
| | Customize the integration of non-SAP systems and infrastructure components |
| | Normalize original data to the semantic data model of SAP Enterprise Threat Detection |
| | Enrich the log data with context information |
| | Pseudonymize the user data |
| | Resolve user identities, with special authorization, in case of evidence of an attack or misuse |
| | Combine user accounts belonging to the same physical person for user correlation |
| Monitoring and analyzing events and alerts | Gain an overview of what is happening in your system landscape in real time |
| | Be alerted in case of suspicious system or user behavior |
| | Search over large amounts of log data |
| | Detect threats at the application server level and at the database level |
| | Perform forensic analyses to discover previously unknown attack variants |
| | Visualize events and alerts |
| | Use the built-in patterns or your own patterns to find suspicious activities and anomalies |
| Developing your own patterns | Create attack detection patterns without the need to code |
| | Configure regular automatic execution of your patterns |
| | Create your own monitoring pages |
| Log management | Store original and normalized data in hot, warm, and cold storage for operational security or compliance reasons, respectively |
| | Set up a two-tier system landscape to enable parallel development and test activities alongside productive use |
| | Support native storage extension as warm storage on SAP HANA |
| Log data and alerts | Correlate any data without data preparation or indexation and perform end-to-end analysis |
| | Easy ingestion of any non-SAP log data via ‘Log Learning’ |
| | Conduct attack investigations based on generated alerts and publish alerts to enable integration with external processes and solutions |
| Ad-hoc investigation | Role-independent search using Sherlog |
| | Create a case file from an analysis |
| | Create an attack path from a case file |
| | Generate a pattern from an attack path |
| Immediate log transfer using kernel API | Use the API at the kernel level of SAP NetWeaver AS for ABAP to send the following logs directly to SAP Enterprise Threat Detection: Security Audit Log, Read Access Log, HTTP Server Log, HTTP Client Log, Web Dispatcher Log |
| | High protection against manipulation, because the log transfer cannot be switched off and the logs cannot be manipulated in the ABAP application server |
| Content packages | Predefined patterns, charts, and monitoring pages for SAP Enterprise Threat Detection are delivered as content on a regular basis |
| | Content packages can be used directly when you connect an SAP system |
| Compliance | Restrict access to SAP Enterprise Threat Detection using the comprehensive authorization concept |
| | Ensure segregation of duties |
| | Customize retention times |
| | Record which actions have been performed by which user in SAP Enterprise Threat Detection |
| SAP Enterprise Threat Detection Streaming | Streaming solution for SAP Enterprise Threat Detection that receives logs from log providers, pre-processes them, and stores them in the SAP HANA database and other storage locations |
| | Keep track of any unauthorized changes in the configuration of SAP Enterprise Threat Detection Streaming by using configuration file monitoring |
| Pricing independent of data volume | Pricing is based on monitored users, independent of log volume |
| Inclusion of SAP HANA in-memory database for high performance | The SAP HANA in-memory database and SAP HANA platform enable analysis tasks to be processed directly on the data in HANA memory |
| Integration of SAP Business Technology Platform Audit Log | Connect SAP Business Technology Platform Audit Logs in the Neo environment and the Cloud Foundry environment |
| Replay attack detection patterns | Apply new attack detection patterns to existing historic data, and post-process attack detection patterns after a log outage to prevent alert loss |
| Integration of configuration validation | Connect partner solutions to SAP Enterprise Threat Detection and send their configuration validation results |
| Integration with Splunk | Connect Splunk to consume Splunk logs and alerts, and publish SAP Enterprise Threat Detection alerts to Splunk |
| Configuration file monitoring for SAP Enterprise Threat Detection Streaming applications | Keep track of any unauthorized changes in the configuration of SAP Enterprise Threat Detection Streaming by using configuration file monitoring |
| Generic OData Adapter as additional subscriber | Consume logs exposed over OData services, extending the integration possibilities of SAP Enterprise Threat Detection |
| Integration with S/4HANA Cloud | Connect Security Audit Logs from SAP S/4HANA Cloud |