Dear community,

This blog series sheds light on the plug-and-play automation content available to act on suspicious activity on SAP RISE, SAP ERP, Business Technology Platform, and Azure AD with Microsoft Sentinel.

Get started with below out-of-the-box scenarios:

Part 1 – Basic SAP User blocking (quickstart template)	Understand deployment options, configure your favorite scenario, adapt the Teams message, and start blocking SAP users as quickly as possible
Part 2 – Advanced SAP User blocking (enterprise grade)	Uplevel the basic scenario with secure credential handling and dynamic parameterization to scale the approach across your whole SAP estate with simple configuration
Part 3 – ReEnable SAP Audit Log after deactivation	Automatically trigger re-activation of the SAP Auditlog if deactivated
Part 4 – Next best scenario request by you or shared by the community

Supporting blog posts

Generate SOAP services for your legacy RFCs to simplify integration out-of-the-box | SAP Blogs

Revolutionize your SAP Security with Microsoft Sentinel’s SOAR Capabilities

References

SAP Certified Solutions Directory | Microsoft Sentinel

Deploy Microsoft Sentinel solution for SAP® applications in Microsoft Sentinel | Microsoft Learn

Integrating Azure with SAP RISE managed workloads | Microsoft Learn

Microsoft Sentinel solution for SAP® applications – security content reference | Microsoft Learn

How to use Microsoft Sentinel’s SOAR capabilities with SAP | TechCommunity

As always feel free to ask lots of follow-up questions and share your own SOAR scenarios with the community.

Cheers

Martin

Original Article:
https://blogs.sap.com/2023/05/22/from-zero-to-hero-security-coverage-with-microsoft-sentinel-for-your-critical-sap-security-signals-blog-series/