Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SuccessFactors & SIEM Integration

M1WXY
Discoverer

on ‎2025 Dec 08 8:55 AM

0 Likes
345

Hi, 
Does anybody have any information relating to SF and SIEM integration?   There was an API in the Roadmap for Q4 2025 "Audit Log Retrieval", but that now seems to have dropped off the roadmap. 

How do others currently integrate SF with SIEM solutions?  

Thanks

Mark

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

geronasso
Product and Topic Expert
Product and Topic Expert
‎2025 Dec 08 2:17 PM

SuccessFactors SIEM Integration Options

Based on the current SAP landscape, here are the available approaches for integrating SuccessFactors with SIEM solutions:

Current Integration Challenges

Audit Log Retrieval API Status You're correct that the dedicated "Audit Log Retrieval" API for SuccessFactors appears to have been removed from the Q4 2025 roadmap. This creates a gap for direct SIEM integration capabilities [1].

Available Integration Approaches

1. Custom Integration via SuccessFactors APIs

OData API Integration

  • Leverage existing SuccessFactors OData APIs to extract audit-relevant data
  • Use Integration Center for API-based data extraction without middleware [2]
  • Configure scheduled data pulls for security events and user activities
  • Transform data into SIEM-compatible formats (JSON, CEF, LEEF)

Implementation Approach:

  • Identify relevant SuccessFactors entities (User, Role, Login events)
  • Create custom integration flows using available APIs
  • Schedule regular data extraction and transformation
  • Push formatted logs to SIEM via REST APIs or file drops

2. SAP Enterprise Threat Detection (ETD) Integration

ETD as Intermediary While there's no out-of-the-box SuccessFactors-ETD integration, you can build custom connections using ETD's provided interfaces [3]:

  • Utilize ETD's REST APIs for log ingestion
  • Configure ETD to normalize SuccessFactors data
  • Forward processed events to your primary SIEM solution

3. File-Based Integration Methods

Export and Transfer Approach

  • Configure SuccessFactors to export audit logs to secure file locations
  • Use SIEM agents to collect and parse log files
  • Implement proper file encoding handling (common SIEM integration challenge) [4]

Considerations:

  • Ensure proper file format compatibility with your SIEM
  • Address encoding issues that may prevent SIEM agents from reading files
  • Implement secure file transfer mechanisms

4. SAP BTP Audit Log Integration Pattern

Leverage BTP Integration Capabilities Following the pattern used for SAP BTP SIEM integration [5]:

  • Use SAP BTP as an integration layer
  • Configure audit log forwarding from SuccessFactors through BTP
  • Implement JSON-based log formatting for SIEM consumption
  • Utilize communication scenario patterns similar to SAP_COM_0750 [6][7]

Implementation Recommendations

Immediate Solution:

  1. API-Based Custom Integration - Most viable current approach
  2. Use Integration Center for simplified API connectivity [2]
  3. Implement JSON formatting for SIEM compatibility
  4. Schedule regular data extraction to maintain near real-time visibility

Long-term Strategy:

  • Monitor SAP roadmaps for restored audit log APIs
  • Consider SAP's broader SIEM integration strategy as it evolves
  • Evaluate ETD integration as SAP's security ecosystem matures

Best Practices:

  • Implement proper error handling and retry mechanisms
  • Ensure data privacy compliance when extracting audit information
  • Test thoroughly with your specific SIEM solution's parsing capabilities
  • Document custom integration for maintenance and updates
Show replies
Show replies
Ask a Question