From zero to hero security coverage with Microsoft Sentinel for your critical SAP security signals – blog series


22.05.23 SAP playbook for audit log re-enablement added😍

Dear community,

This blog series sheds light on the plug-and-play automation content available to act on suspicious🕵🏽‍♂️ activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.

Get started with below out-of-the-box scenarios:

🔗Part 1Basic SAP User blocking (quickstart template) Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible
🔗Part 2 – Advanced SAP User blocking (enterprise grade) Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration
🔗Part 3 – ReEnable SAP Audit Log after deactivation

Automatically trigger re-activation of the SAP Auditlog if deactivated


🔗Part 4 – Next best scenario request by you or shared by the community 😊

Supporting blog posts

Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs

Revolutionize your SAP Security with Microsoft Sentinel’s SOAR Capabilities



SAP Certified Solutions Directory | Microsoft Sentinel

Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn

Integrating Azure with SAP RISE managed workloads | Microsoft Learn

Microsoft Sentinel solution for SAP® applications – security content reference | Microsoft Learn

How to use Microsoft Sentinel’s SOAR capabilities with SAP | TechCommunity


As always feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.




Original Article:

Related blogs


Please enter your comment!
Please enter your name here