Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
Private_Member_12087
Product and Topic Expert
Product and Topic Expert
0 Kudos
1,105

SP03 brings some significant improvements to SAP Enterprise Threat Detection. A major focus was on throughput, performance, and sizing. A visible manifestation of this is the disappearance of the details table and the expansion of the header table. However, in this blog I am going to mention two functional features that stand out.

SIEM Integration

Many security operations have already invested heavily in one or other SIEM solution and are looking to SAP Enterprise Threat Detection to cover the SAP part of their landscape. Ideally, the two solutions should be able to exchange information about what is happening in the areas that they are covering. SAP Enterprise Threat Detection alerts can now be sent (pulled or pushed) in JSON format.

This topic will be covered in more detail in the April edition of SAPinsider magazine (now also here).

Semantic Attributes

This a subject that deserves its own blog so I will merely touch upon it here. In SP02 we introduced semantic events. Now we have semantic attributes, which complete the meaning of semantic events. Events, concepts, and the relationships between them are standardized. Consistent use of events and attributes across sources makes it easier to do cross-log analysis. The bubble diagram shown in the screenshot is new way of displaying and quickly filtering the attributes in the forensic lab.

Relevant SAP Notes

2192334 - Release Note SAP Enterprise Threat Detection 1.0 SP03

1 Comment
Labels in this area