TL;DR: Let me deploy already (scroll down there to the prerequisites section)!
Welcome to the landing page of this blog series on the SAP LogServ solution in Microsoft Sentinel. Find all the things you always wanted to know and more.
Running RISE with SAP, S/4HANA Cloud Private Edition, or SAP Cloud ERP private? Microsoft Sentinel by itself already delivers powerful SAP application-layer monitoring – tracking SAP user activity, business transactions, and critical events while correlating them with threat signals across your entire IT estate. That's just the beginning.
SAP LogServ is an optional service in your SAP Cloud ERP private package that unlocks access to all logs from SAP's managed services. It takes your security posture to the next level by extending Sentinel's reach deep into your infrastructure managed by SAP. Think complete HANA database insights, system-level security telemetry, and audit trails - all flowing seamlessly into your existing security operations workflow.
The result: Your security team finally gets full visibility into the managed SAP stack, from business logic to infra to database layer.
This series offers comprehensive guidance, from planning your LogServ + Sentinel deployment through log selection and customizing the solution to advanced threat protection. Blogs are co-authored by SAP and Microsoft engineering.
Part | Topic |
---|---|
Initial introduction to the solution and integration between LogServ and Microsoft Sentinel | |
Deployment overview with step-by-step SAP LogServ connector setup in Sentinel, insights on prerequisites | |
Due to the asynchronous integration between SAP LogServ and Microsoft Sentinel, it's advisable to perform a smoke test yourself before sharing your config data with SAP for speedy onboarding. Here is how. | |
SAP ERP Application layer integration with agentless data connector in Sentinel Solution for SAP | |
Part 2: How to customize your SAP LogServ solution in Microsoft Sentinel | Understand log types available in LogServ (volume, cost, threat protection value, etc.), how to filter logs, and how to customize the solution in Sentinel |
Part 3: Deploy built-in detection rules and extend to your needs | See the already available analytic rules shipped by SAP, and discover how to craft your own based on your needs |
Target audiences: SAP Basis admins, security architects, SOC analysts, and compliance teams looking to enhance their SAP monitoring capabilities.
Reference diagrams for planning your implementation
Detailed Component Architecture
High-Level Integration Flow across the whole stack
Which logs from RISE do you need most? Let me know in the comments or reach out directly.
Cheers, Martin and Hemanth