Log Management
Smart Filter & Detection Patterns

 

Log Crawling

The SecurityBridge Intrusion Detection Scanner (IDS) continuously reads all SAP logs to measure the security state of the system. For each event identified, the IDS algorithm decides on its security relevance and assigns a severity rating using the Common Vulnerability Scoring System (CVSS). Alert messages are enriched with the context required to make the event actionable. Some of the primary log sources processed in real time:

 

Table Logs

Description

The standard SAP system will not record changes that users make directly to a table using transaction SM30, or changes made by a program a developer writes to alter table contents directly. Table logging is a tracking mechanism that records table content changes in a system. It is useful if you want to know: Who made a change? What was changed? When was the change made?

Priority

High

Classification

Manual activation needed! Customer-specific tables require the table logging attribute to be set.

Storage

SAP DB

 

Change Documents

Description

Business data is changed frequently. These changes can be logged for objects that are critical or susceptible to audits. It is helpful, and sometimes necessary, to trace or reconstruct such changes during an investigation or system audit.

Priority

High

Classification

Active by default. Customer-specific enhancements are possible.

Storage

SAP DB

 

User Statistics

Description

The Business Transaction Analysis (Transaction STAD) delivers workload statistics across business transactions. Any program or transaction executed is recorded. Many systems only store statistical information for a short duration.

Priority

Very High

Classification

Active by default.

Storage

SAP DB

 

Security Audit Log

Description

The Security Audit Log is the primary source for security- and audit-relevant events in any SAP system.

Priority

Very High

Classification

Manual activation needed!

Storage

DB, File or both
(Note 2191612)

 

HANA Security Log

Description

This section is only relevant to HANA-based systems. Other DB systems may contain their own security and audit log.

Priority

High

Classification

Manual activation needed!

Storage

SAP DB or filesystem

 

System Log

Description

The SAP System Log includes all system errors, warnings, user locks due to failed logon attempts from known users, and process messages.

Priority

High

Classification

Manual activation needed!

Storage

Filesystem

 

... and many more
