Martin-Pankraz
Active Contributor

NEWS FEED

13.07.23 🎥 Witness the Microsoft Security Copilot in action and follow an SAP environment breach with a weak password from initial entry to lateral movement within the SAP landscape.
06.07.23 📰 SAP playbook for Audit Log Collector attack added featuring multi-staged attacks
28.06.23 🧑🏽‍💻 Detailed guidance for Logic Apps (Standard) added here.
22.05.23 📰 SAP playbook for audit log re-enablement added

Dear community,

This blog series sheds light on the plug-and-play automation content available to act on suspicious 🕵🏽‍♂️ activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.

Get started with the out-of-the-box scenarios below, based on Azure Logic Apps:

🔗 Part 1 – Basic SAP User blocking (quickstart template)
Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible
🔗 Part 2 – Advanced SAP User blocking (enterprise grade)
Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration
🔗 Part 3 – SAP Audit Log re-enable
Automatically trigger re-activation of the SAP Audit Log if deactivated
🔗 Part 4 – Sentinel Collector Agent attack (blinding the auditor scenario)
Sophisticated scenario distinguishing between SAP maintenance events and malicious deactivation ☠️ of the audit log ingestion into Sentinel using Azure Center for SAP Solutions (ACSS) health APIs ❤️
🔗 Part 5 – Next best scenario requested by you or shared by the community 😊

Find the equivalent for Azure Logic Apps (Standard) on our Azure GitHub repos with detailed guidance.

See the comparison between the two options here.

Supporting posts

Learn about modularizing flows and nesting for ease of maintenance:
Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks - Microsoft Community Hub
Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs
Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities

References

Microsoft Sentinel incident response playbooks for SAP | Microsoft Learn
SAP Certification reference: SAP Certified Solutions Directory | Microsoft Sentinel
Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn
Integrating Azure with SAP RISE managed workloads | Microsoft Learn
Microsoft Sentinel solution for SAP® applications - security content reference | Microsoft Learn
How to use Microsoft Sentinel's SOAR capabilities with SAP | TechCommunity
Azure-Sentinel/Solutions/SAP/Playbooks · Azure/Azure-Sentinel · GitHub

As always, feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.

Cheers
Martin