Hello Rome,

 When talking about SAP SuccessFactors, it's important to clearly differentiate between technical logs and functional logs.

 Technical Logs

 Since SAP SuccessFactors is a SaaS solution, SAP handles all the technical logs related to the infrastructure and server side. SAP SuccessFactors complies with all relevant legal requirements applicable to its monitoring and logging activities.

Activities are logged and reviewed by various mechanisms such as: RSA, SysLog, NIDS, HIDS, OSSIM and Database logging.

SAP has Security Information and Event Management (SIEM) systems for analysis, reporting and alerting. All critical systems and infrastructure components within the SAP Cloud need to log relevant data. This is enabled via the security configuration compliance checks and event monitoring. General security monitoring is performed 24x7 for all activities. Resulting warnings and alerts are processed via ticketing system and critical events are handled according to the incident management process. You can find additional information in “My SAP trust Center” (https://support.sap.com/en/my-support/trust-center.html).

 As a SAP SuccessFactors customer, this is something you don't need to worry about. It's part of the promise for a lower Total Cost of Ownership (TCO) and enhanced security.

Functional Logs

In addition, SAP SuccessFactors is not a black box. As a customer, you have access to various tools and audit logs to understand what is being processed within the solution.

Customers have access to changes logs for people data, login reports, workflow logging, security audit reports like permission or configuration changes, etc.

You will have complete control over the business configuration of your environment and the logs / tools to monitor changes to and usage of the system by your users.

Some audits logs are available via Apis, other could be generated in flat files over the sFTP, other in reports.

Further details?  Please go thru our reference change Audit Documentation guide →  🔗Change Audit | SAP Help Portal Guide  

SAP does not offer an out-of-the-box connector for any SIEM, but you have the capability to use middlewares such as SAP BTP Integration Suite with oData APIs or dedicated connectors like SPLUNK, to filter and push audit data into your SIEM system.

In the release of May 2024, SAP SuccessFactors started to adopt SAP BTP Audit Log Services to centralize and unify Logs access, and it will simplify for sure the exchange process in the coming releases. [Reference: DRTM Audit Data Purge Deprecation and Transition to BTP Audit Log Service - SAP Community ]