Page 90 - Cyber Defense eMagazine April 2023
SIEM for SAP - Log Evaluation to Attack Detection
By Christoph Nagy, CEO of SecurityBridge
To detect attacks on SAP, you need to evaluate the security logs in SAP.
While many organizations have spent the past few years protecting the perimeter, business-critical systems are now becoming the priority of security operations. In this article, we will look at what a SIEM for SAP systems might look like, and what data and processes are necessary to draw the desired conclusions from the logs those systems produce.
Many readers are already familiar with the term SIEM, an abbreviation for Security Information and Event Management. The best-known vendor solutions are Splunk, IBM QRadar, and Microsoft Sentinel, but there are many other providers. A SIEM reads security logs from various sources, aggregates and correlates the data, and derives conclusions about suspicious activities or malicious user behavior from the combined events rather than from any single record.
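The correlation step is the part that matters for SAP: a single failed logon is noise, but a run of failures followed by a success, and then a sensitive transaction from the same terminal, is a pattern. The following is an added example (not code from the article or from SecurityBridge) of that kind of evaluation in Python. It uses the SAP Security Audit Log message IDs AU1 (logon successful), AU2 (logon failed) and AU3 (transaction started); the pipe-separated record layout, the user names, terminals, thresholds and the list of "critical" transaction codes are all constructed for the example and are not SAP's native audit log file format.

```python
"""Correlating SAP-style audit events into alerts (added example, not from the article)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Message IDs follow the SAP Security Audit Log convention:
# AU1 = logon successful, AU2 = logon failed, AU3 = transaction started.
# Transactions a freshly brute-forced account should never touch (assumed list for the example).
CRITICAL_TCODES = {"SU01", "PFCG", "SE16", "SE38", "SM49", "SM69"}


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    msg_id: str
    user: str
    terminal: str
    detail: str


# Constructed sample: pipe-separated records, not SAP's native audit log layout.
SAMPLE_LOG = """\
2023-04-03 08:01:02|AU2|DDIC|WS-HR-17|Logon failed
2023-04-03 08:01:05|AU2|DDIC|WS-HR-17|Logon failed
2023-04-03 08:01:09|AU2|DDIC|WS-HR-17|Logon failed
2023-04-03 08:01:14|AU2|DDIC|WS-HR-17|Logon failed
2023-04-03 08:01:20|AU1|DDIC|WS-HR-17|Logon successful
2023-04-03 08:02:00|AU3|DDIC|WS-HR-17|Transaction SU01 started
2023-04-03 09:15:00|AU2|JSMITH|WS-FI-02|Logon failed
2023-04-03 09:15:30|AU1|JSMITH|WS-FI-02|Logon successful
2023-04-03 10:00:00|AU3|JSMITH|WS-FI-02|Transaction FB03 started
"""


def parse_log(text: str) -> list:
    """Parse the constructed record format into AuditEvent objects, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, msg_id, user, terminal, detail = line.split("|", 4)
        events.append(AuditEvent(datetime.fromisoformat(ts), msg_id, user, terminal, detail))
    return events


def evaluate(events, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Two correlation rules over the event stream; no single event fires on its own.

    1. brute_force_then_success: at least `threshold` AU2 events for one (user, terminal)
       within `window`, followed by an AU1 for the same pair.
    2. critical_tcode_after_bruteforce: an AU3 for a critical transaction within `window`
       of such a logon, escalated to high severity.
    """
    alerts = []
    failures = defaultdict(list)   # (user, terminal) -> timestamps of failed logons
    flagged_logons = {}            # (user, terminal) -> timestamp of the suspicious success
    for e in sorted(events, key=lambda ev: ev.ts):
        key = (e.user, e.terminal)
        if e.msg_id == "AU2":
            failures[key].append(e.ts)
        elif e.msg_id == "AU1":
            recent = [t for t in failures[key] if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "severity": "medium",
                               "user": e.user, "terminal": e.terminal,
                               "failures": len(recent), "ts": e.ts})
                flagged_logons[key] = e.ts
            failures[key].clear()  # a success ends the failure run either way
        elif e.msg_id == "AU3":
            parts = e.detail.split()
            tcode = parts[1] if len(parts) >= 2 and parts[0] == "Transaction" else ""
            logon_ts = flagged_logons.get(key)
            if tcode in CRITICAL_TCODES and logon_ts is not None and e.ts - logon_ts <= window:
                alerts.append({"rule": "critical_tcode_after_bruteforce", "severity": "high",
                               "user": e.user, "terminal": e.terminal,
                               "tcode": tcode, "ts": e.ts})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run against the sample, the DDIC sequence produces a medium alert for the four failures followed by a success and a high alert for SU01 started forty seconds later, while JSMITH's single typo-then-success produces nothing. The threshold and window are the tunables a SOC will argue about; the more important precondition is that the Security Audit Log is actually switched on and configured to record these event classes on every instance, otherwise there is nothing to correlate.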