Deploy Microsoft Sentinel Solution for SAP

This article introduces you to the process of deploying the Microsoft Sentinel Solution for SAP. The full process is detailed in a whole set of articles linked under Deployment milestones.

Note

If needed, you can update an existing Microsoft Sentinel for SAP data connector to its latest version.

Overview

Microsoft Sentinel Solution for SAP is a Microsoft Sentinel solution that you can use to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers. The solution includes the following components:

  • The Microsoft Sentinel for SAP data connector for data ingestion.
  • Analytics rules and watchlists for threat detection.
  • Functions for easy data access.
  • Workbooks for interactive data visualization.
  • Watchlists for customization of the built-in solution parameters.

Note

The Microsoft Sentinel for SAP solution is free to install, but there will be an additional hourly charge for activating and using the solution on production systems starting May 2023.

  • The additional hourly charge applies to connected production systems only.
  • Microsoft Sentinel identifies a production system by looking at the configuration on the SAP system. To do this, Microsoft Sentinel searches for a production entry in the T000 table.
  • View the roles of your connected production systems.

The Microsoft Sentinel for SAP data connector is an agent, installed on a VM or a physical server that collects application logs from across the entire SAP system landscape. It then sends those logs to your Log Analytics workspace in Microsoft Sentinel. You can then use the other content in the Threat Monitoring for SAP solution – the analytics rules, workbooks, and watchlists – to gain insight into your organization's SAP environment and to detect and respond to security threats.

Deployment milestones

Follow your deployment journey through this series of articles, in which you'll learn how to navigate each of the following steps.

Note

If needed, you can update an existing Microsoft Sentinel for SAP data connector to its latest version.

Milestone Article
1. Deployment overview YOU ARE HERE
2. Deployment prerequisites Prerequisites for deploying the Microsoft Sentinel Solution for SAP
3. Prepare SAP environment Deploying SAP CRs and configuring authorization
4. Deploy data connector agent Deploy and configure the container hosting the data connector agent
5. Deploy SAP security content Deploy SAP security content
6. Microsoft Sentinel Solution for SAP Configure Microsoft Sentinel Solution for SAP
7. Optional steps - Configure auditing
- Configure Microsoft Sentinel for SAP data connector to use SNC
- Configure audit log monitoring rules
- Select SAP ingestion profiles

Next steps

Begin the deployment of the Microsoft Sentinel Solution for SAP by reviewing the prerequisites: