Deploy Microsoft Sentinel Solution for SAP

This article introduces you to the process of deploying the Microsoft Sentinel Solution for SAP. The full process is detailed in a whole set of articles linked under Deployment milestones below.

Overview

Microsoft Sentinel Solution for SAP is a Microsoft Sentinel solution that you can use to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers. The solution includes the following components:

  • The Microsoft Sentinel for SAP data connector for data ingestion.
  • Analytics rules and watchlists for threat detection.
  • Functions for easy data access.
  • Workbooks for interactive data visualization.
  • Watchlists for customization of the built-in solution parameters.

The solution is free until February 2023, when an additional cost will be added on top of the ingested data. Learn more about pricing.

The Microsoft Sentinel for SAP data connector is an agent, installed on a VM or a physical server, that collects application logs from across the entire SAP system landscape. It then sends those logs to your Log Analytics workspace in Microsoft Sentinel. You can then use the other content in the Threat Monitoring for SAP solution – the analytics rules, workbooks, and watchlists – to gain insight into your organization's SAP environment and to detect and respond to security threats.

Deployment milestones

Follow your deployment journey through this series of articles, in which you'll learn how to navigate each of the following steps:

Milestone Article
1. Deployment overview YOU ARE HERE
2. Deployment prerequisites Prerequisites for deploying the Microsoft Sentinel Solution for SAP
3. Prepare SAP environment Deploying SAP CRs and configuring authorization
4. Deploy data connector agent Deploy and configure the container hosting the data connector agent
5. Deploy SAP security content Deploy SAP security content
6. Microsoft Sentinel Solution for SAP Configure Microsoft Sentinel Solution for SAP
7. Optional steps - Configure auditing
- Configure Microsoft Sentinel for SAP data connector to use SNC

Next steps

Begin the deployment of the Microsoft Sentinel Solution for SAP by reviewing the prerequisites: