Deploy Microsoft Sentinel solution for SAP® applications
This article introduces you to the process of deploying the Microsoft Sentinel solution for SAP® applications. The full process is detailed in a whole set of articles linked under Deployment milestones.
Note
If needed, you can update an existing Microsoft Sentinel for SAP data connector to its latest version.
Overview
Microsoft Sentinel solution for SAP® applications is a Microsoft Sentinel solution that you can use to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers. The solution includes the following components:
- The Microsoft Sentinel for SAP data connector for data ingestion.
- Analytics rules and watchlists for threat detection.
- Functions for easy data access.
- Workbooks for interactive data visualization.
- Watchlists for customization of the built-in solution parameters.
Note
The Microsoft Sentinel for SAP solution is free to install, but there will be an additional hourly charge for activating and using the solution on production systems starting May 2023.
- The additional hourly charge applies to connected production systems only.
- Microsoft Sentinel identifies a production system by looking at the configuration on the SAP system. To do this, Microsoft Sentinel searches for a production entry in the T000 table.
- View the roles of your connected production systems.
The Microsoft Sentinel for SAP data connector is an agent, installed on a VM or a physical server that collects application logs from across the entire SAP system landscape. It then sends those logs to your Log Analytics workspace in Microsoft Sentinel. You can then use the other content in the Threat Monitoring for SAP solution – the analytics rules, workbooks, and watchlists – to gain insight into your organization's SAP environment and to detect and respond to security threats.
Deployment milestones
Follow your deployment journey through this series of articles, in which you'll learn how to navigate each of the following steps.
Note
If needed, you can update an existing Microsoft Sentinel for SAP data connector to its latest version.
| Milestone | Article |
|---|---|
| 1. Deployment overview | YOU ARE HERE |
| 2. Plan architecture | Learn about working with the solution across multiple workspaces (PREVIEW) |
| 3. Deployment prerequisites | Prerequisites for deploying the Microsoft Sentinel solution for SAP® applications |
| 4. Prepare SAP environment | Deploying SAP CRs and configuring authorization |
| 5. Deploy data connector agent | Deploy and configure the container hosting the data connector agent |
| 6. Deploy SAP security content | Deploy SAP security content |
| 7. Microsoft Sentinel solution for SAP® applications | Configure Microsoft Sentinel solution for SAP® applications |
| 8. Optional steps | - Configure auditing - Configure Microsoft Sentinel for SAP data connector to use SNC - Configure audit log monitoring rules - Select SAP ingestion profiles |
Next steps
Begin the deployment of the Microsoft Sentinel solution for SAP® applications by reviewing the prerequisites:
Feedback
Submit and view feedback for