Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert


In today's world, where cyber-attacks are increasing dramatically, companies need to go beyond preventive measures and bring real-time detection and response into the focus. This no longer applies only to the IT infrastructure layer, but also affects business systems such as SAP S/4HANA. Detecting, analyzing and responding to threats is a must to protect core business systems like SAP S/4HANA applications.


We are happy to announce that we have launched the Support Package 3 of SAP Enterprise Threat Detection 2.0.


SAP Enterprise Threat Detection (SAP ETD) is the only real-time security event management and monitoring solution tailored for SAP S/4HANA applications. The solution supports companies that use SAP software to identify and neutralize cyber-attacks in real-time before serious damage occurs.

Our mission is to protect SAP S/4HANA applications and stop critical cyber-attacks.

SAP Enterprise Threat Detection gives transparency in real-time into suspicious (user) behavior an anomaly in SAP business applications to identify and stop security breaches in real-time.

It uses highly efficient and automated processes based on HANA technology and machine learning to track hacker activity using predefined and easily customizable attack path patterns.

SAP Enterprise Threat Detection is built to understand the specific semantics of SAP S/4HANA events, while this otherwise commonly requires massive configuration effort e.g. in SIEM systems.


What is new within this release?

  • The overall strength of SAP Enterprise Threat Detection in detecting attacks in various SAP applications has been improved, and the SAP Enterprise Threat Detection log source portfolio has been expanded to include new integrations for SAP Commerce, SAP Sales Cloud, SAP Service Cloud, and SOAP Web Services logs.

  • Adding more log sources from other SAP and non-SAP on-premise and cloud applications has also become much easier as SAP Enterprise Threat Detection now offers an OData adapter.

  • The communication with traditional SIEM solutions has been improved so that SAP Enterprise Threat Detection now provides an API to retrieve status changes for alerts forwarded to other SIEM solutions.

  • For data protection reasons, the retention period of monitored user accounts can now be configured and user pseudonymization can be tailored to regional data privacy aspects.

  • The SAP Enterprise Threat Detection log collector can now be configured to protect SAP Enterprise Threat Detection against Denial of Service attacks.

  • Protecting the delivery of SAP Enterprise Threat Detection, the JAR files are now signed, and the integrity of the JAR files can be checked. Please see the Implementation Guide for more information.

  • Further enhancements have been made within the Resolve User Identity UI, to show all details for related accounts and within the Log Learning UI, to have additional warnings and matches.


Next steps:

To find all related details about the new release, please follow me to the SAP Help Portal. Here you can also find all the required technical instructions and files for the upgrade. I hope you enjoy working with the new version of SAP Enterprise Threat Detection.




P.S.: Save trees: please do not print out your application logs.


Please do not hesitate to contact us if you have any questions,

1 Comment