How to Integrate Your SAP Log with a Splunk SIEM?

Introduction

Configure SAP NetWeaver to Generate Audit Log Events

Dynamic Configuration

Static Configuration

Install a SPLUNK Forwarder on the SAP System

Create a New Index and Configure a Data Receiver on the Splunk Indexer

Forward SAP Audit Logs to the Splunk Indexer

SAP Audit Log Parsing

First SAP SIEM Use Case - Detect Account Brute-Force Attacks

Create a Brute-Force Splunk Alert

Further SAP SIEM Use Cases

TOP 5 Security Measures for SAP NetWeaver ABAP

Measure #1: Default Passwords

Measure #2: Gateway Security

Measure #3: Critical Authorizations

Measure #4: Network Segregation

Measure #5: Patch Management

Security Guide for SAP NetWeaver and S/4HANA

Choose Your Weapons Wisely!

Technology

SAP NetWeaver Profile Parameter Security

Network Environment of the SAP System

Underlying Infrastructure Hardening

SAP Custom Development Code and Application Security

Basic SAP Users & Authorizations

Deep SAP Role and Authorizations Management

Processes

Patch Management of SAP NetWeaver and S4HANA Application Layer

SIEM User Case Development and Application Layer Monitoring

People

Education and Awareness

Summary

SAP NetWeaver / S/4HANA Secure Profile Parameters

SAP Default Passwords

SAP Security Guide

SAP Security Guide 1: TOP 5 Security Measures for SAP NetWeaver ABAP

SAP Security Guide 2: Security Guide for SAP NetWeaver and S/4HANA

SAP Security Guide 3: SAP NetWeaver / S/4HANA Secure Profile Parameters