Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Notify Admin when a script runs on SAP GUI

former_member1374306
Member

‎2023 Mar 21 9:05 AM

0 Kudos
503

I want to keep the Scripting enabled but notify the Admin whenever a script runs on SAP GUI. Is there such a trigger or event notification that achieves this.?

2 REPLIES 2

moshenaveh
Community Manager
Community Manager

‎2023 Mar 21 9:06 AM

0 Kudos
263

Welcome to the SAP Community. Thank you for visiting us to get answers to your questions.

Since you're asking a question here for the first time, I'd like to offer some friendly advice on how to get the most out of your community membership and experience.

First, please see https://community.sap.com/resources/questions-and-answers, as this resource page provides tips for preparing questions that draw responses from our members. Second, feel free to take our Q&A tutorial at https://developers.sap.com/tutorials/community-qa.html, as that will help you when submitting questions to the community.

I also recommend that you include a profile picture. By personalizing your profile, you encourage readers to respond: https://developers.sap.com/tutorials/community-profile.html.

Now for some specific suggestions on how you might improve your question:

* Outline what steps you took to find answers (and why they weren't helpful) -- so members don't make suggestions that you've already tried.

* Make sure you've applied the appropriate tags -- because if you don't apply the correct tags, the right experts won't see your question to answer it.

Should you wish, you can revise your question by selecting Actions, then Edit.

The more details you provide (in questions tagged correctly), the more likely it is that members will be able to respond.

I hope you find this advice useful, and we're happy to have you as part of SAP Community!

marco_hammel2
Participant

‎2023 Mar 21 4:46 PM

0 Kudos
263

Hi Suyash,

Unfortunately, there is no server side event to log if a certain action has been carried out by a script or by human interaction. This is because the authorization check for S_SCR is performed right after logon and the result only impacts the SAP GUI connection to the Windows scripting host of the user's client.

As a result you have two options:

1. correlate SAP server-side event with Windows events related to the Active X Object sapfewse.ocx of the Windows scripting host of the user

2. Make plausibility rules on SAP server-side events if the events are likely being performed by human interaction or by a script.

Both cases are something, you'd need to design a proper SOC runbook. I suggest you first start to determine the threat scenarios you want to put detective controls on. Maybe active countermeasures and deception can be appropriate compensating measures too. We have a training for this https://academy.no-monkey.com/course/identify-and-neutralize-the-bad-guys-an-introduction-to-securit...


I hope this helps.

BR

Marco