Deploy SAP security content in Microsoft Sentinel

This article shows you how to deploy Microsoft Sentinel security content into your Microsoft Sentinel workspace. This content makes up the remaining parts of the Microsoft Sentinel Solution for SAP.

Deployment milestones

Track your SAP solution deployment journey through this series of articles:

  1. Deployment overview

  2. Deployment prerequisites

  3. Prepare SAP environment

  4. Deploy data connector agent

  5. Deploy SAP security content (You are here)

  6. Configure Microsoft Sentinel Solution for SAP

  7. Optional deployment steps

Deploy SAP security content

Deploy the SAP security content from the Microsoft Sentinel Content hub and Watchlists areas.

Deploying the Microsoft Sentinel Solution for SAP causes the Microsoft Sentinel for SAP data connector to be displayed in the Microsoft Sentinel Data connectors area. The solution also deploys the SAP - System Applications and Products workbook and SAP-related analytics rules.

To deploy SAP solution security content, do the following:

  1. In Microsoft Sentinel, on the left pane, select Content hub (Preview).

    The Content hub (Preview) page displays a filtered, searchable list of solutions.

  2. To open the SAP solution page, select Microsoft Sentinel Solution for SAP.

    Screenshot of the 'Microsoft Sentinel Solution for SAP' solution pane.

  3. To launch the solution deployment wizard, select Create, and then enter the details of the Azure subscription, resource group, and Log Analytics workspace (the one used by Microsoft Sentinel) where you want to deploy the solution.

  4. Select Next to cycle through the Data Connectors, Analytics, and Workbooks tabs, where you can learn about the components that will be deployed with this solution.

    For more information, see Microsoft Sentinel Solution for SAP: security content reference.

  5. On the Review + create tab pane, wait for the Validation Passed message, then select Create to deploy the solution.

    Tip

    You can also select Download a template for a link to deploy the solution as code.

  6. After the deployment is completed, a confirmation message appears at the upper right.

    To display the newly deployed content, go to:

  7. In Microsoft Sentinel, go to the Microsoft Sentinel for SAP data connector to confirm the connection:

    Screenshot of the Microsoft Sentinel for SAP data connector page.

    SAP ABAP logs are displayed on the Microsoft Sentinel Logs page, under Custom logs:

    Screenshot of the SAP ABAP logs in the 'Custom Logs' area in Microsoft Sentinel.

    For more information, see Microsoft Sentinel Solution for SAP solution logs reference.

Next steps

Learn more about the Microsoft Sentinel Solution for SAP:

Troubleshooting:

Reference files:

For more information, see Microsoft Sentinel solutions.