NEWS FEED
30.05.24 ⛔ Disrupt attacks on SAP as they happen, now out-of-the-box!
13.07.23 🎥 Witness the Microsoft Security Copilot in action and follow an SAP environment breach with a weak password from initial entry to lateral movement within the SAP landscape.
Dear community,
This blog series sheds light on the plug-and-play automation content available to act on suspicious 🕵🏽‍♂️ activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.
In addition, consider the new out-of-the-box SAP disrupt capability ⛔.
🔗Part 1 – Basic SAP User blocking (quickstart template) | Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible |
🔗Part 2 – Advanced SAP User blocking (enterprise grade) | Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration |
🔗Part 3 – SAP Audit Log re-enable | Automatically trigger re-activation of the SAP Audit Log if deactivated |
🔗Part 4 – Sentinel Collector Agent attack (blinding the auditor scenario) | Sophisticated scenario distinguishing between SAP maintenance events and malicious deactivation☠️ of the audit log ingestion into Sentinel using Azure Center for SAP Solutions (ACSS) health APIs❤️ |
🔗Part 5 – Next best scenario requested by you or shared by the community 😊 |
See the comparison between the two options here.
Learn about modularizing flows and nesting for ease of maintenance:
Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks - Microsoft Community Hub
Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs
Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities
Microsoft Sentinel incident response playbooks for SAP | Microsoft Learn
SAP Certification reference: SAP Certified Solutions Directory | Microsoft Sentinel
Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn
Integrating Azure with SAP RISE managed workloads | Microsoft Learn
Microsoft Sentinel solution for SAP® applications - security content reference | Microsoft Learn
How to use Microsoft Sentinel's SOAR capabilities with SAP | TechCommunity
Azure-Sentinel/Solutions/SAP/Playbooks · Azure/Azure-Sentinel · GitHub
As always, feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.
Cheers
Martin