Enterprise Threat Monitor monitors SAP systems for threats such as:
ETM connects to SAP systems and analyzes different information sources for determining the threats. Analysis includes SAP security logs, system logs, SAP change documents, transport records, user master data changes, ESNC’s fraud related analysis results and many others.
ETM correlates these events via user behavior analysis and its SAP-specific attack signatures, including zero-day vulnerabilities:
Click for more information how you can integrate SAP and Splunk using Enterprise Threat Monitor.
Below you can find information for configuring and running Enterprise Threat Monitor
Please click for instructions for activating SAP Security Monitoring on your landscape.
Enterprise Threat Monitor uses the Efficient Security Response (ESR) methodology to build an efficient process for responding to threats and training the system so that your business activity is learned and noise is eliminated in a short time.
For more information about the ESR methodology you can refer to: Responding to SAP attacks
You can refer to a case study of SAP specific 0-days using the link: Protecting SAP GRC
Enterprise Threat Monitor is the SAP real-time monitoring and threat detection component of ESNC Security Suite. Click to find out how ETM builds a safety net for SAP security vulnerabilities that ESNC Security Suite discovers, including vulnerabilities in custom ABAP code. You can also import your SAP security audit results to ETM.
Please use this link to download Enterprise Threat Monitor components for connecting your SAP system to Splunk.
Please don't hesitate to contact us if you require any assistance.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.