
SAP LogServ integration with Microsoft Sentinel

| Hemanth Kusampudi | Martin Pankraz | Bastian Ulke |

Security RISE


Episode #243

Introduction

In episode 243 of our SAP on Azure video podcast we talk about SAP LogServ and Microsoft Sentinel!

I am just returning from Sapphire in Orlando and among a lot of AI-related discussions, the topic of Security was also top of mind. Several RISE customers actually approached me and asked about the SAP LogServ integration with Microsoft Sentinel. It looks like the latest release from SAP and Microsoft addressed something that is quite top of mind for customers at the moment. To give us more insights on what this LogServ and Sentinel integration is and how you can benefit from it, I am happy to have Hemanth from SAP, and Martin and Bastian with us today.

Find all the links mentioned here: https://www.saponazurepodcast.de/episode243

Reach out to us for any feedback / questions:

#Microsoft #SAP #Azure #SAPonAzure #RISE #Security #LogServ #Sentinel

Summary created by AI

  • Hemanth introduced LogServ, explaining its role in providing log analytics services similar to Azure’s Log Analytics workspace. He emphasized the importance of sharing logs with customers and using the data for advanced analytics.
    • Introduction: Hemanth introduced himself as the Chief Security Architect of ECM and the service owner for the portfolio of security services. He explained that SAP is the largest private cloud service provider, and LogServ is a new service launched to provide log analytics similar to Azure’s Log Analytics workspace.
    • Analogy: Hemanth made an analogy comparing LogServ to Azure’s Log Analytics workspace, explaining that while they are technically different, the goal is to share logs with customers and perform advanced analytics.
    • Future Use: Hemanth mentioned that in the future, any services built will use the data lake and log analytics service as a platform to share data and perform advanced analytics, similar to cloud service providers like Azure.
  • SAP and Microsoft Collaboration:
  • Holger welcomed the guests and highlighted the collaboration between SAP and Microsoft, focusing on the integration of SAP LogServ with Microsoft Sentinel. He mentioned the interest from customers in this integration.
    • Welcome: Holger welcomed the guests, including Hemanth from SAP and Martin and Bastian from Microsoft, and introduced the topic of SAP and Microsoft collaboration.
    • Customer Interest: Holger mentioned that several RISE customers approached him about the SAP LogServ integration with Microsoft Sentinel, indicating significant customer interest in this integration.
    • Integration Focus: Holger highlighted that the latest release from SAP and Microsoft addressed a top-of-mind issue for customers, focusing on the integration of SAP LogServ with Microsoft Sentinel.
  • Overview of SAP LogServ:
  • Hemanth provided an overview of SAP LogServ, explaining its purpose in sharing raw logs from infrastructure, application, and system layers with customers in near real-time. He compared it to Azure’s Log Analytics workspace and emphasized its importance for security and compliance.
    • Purpose: Hemanth explained that SAP LogServ aims to share raw logs from infrastructure, application, and system layers with customers in near real-time, providing visibility and access to critical data.
    • Comparison: Hemanth compared SAP LogServ to Azure’s Log Analytics workspace, highlighting that it offers similar functionalities, including log retention and integration with different log management systems.
    • Security and Compliance: Hemanth emphasized the importance of SAP LogServ for security and compliance, allowing customers to apply their own security measures and meet compliance standards.
  • Customer Control and Transparency:
  • Holger and Hemanth discussed the importance of providing customers with access to logs for transparency and security. They highlighted the need for customers to have control over their data and the ability to apply their own security measures.
    • Customer Needs: Holger and Hemanth discussed that customers migrating to infrastructure and platform as a service need visibility into the infrastructure layer and access to application logs for security and compliance purposes.
    • Control and Security: They emphasized the importance of customers having control over their data, allowing them to apply their own security measures, such as geolocation metrics and IP address restrictions.
    • Transparency: Holger mentioned that providing access to logs helps maintain transparency, making customers feel more secure by having access to their data even when hosted on SAP’s infrastructure.
  • Architecture Overview:
  • Martin and Bastian presented the architecture overview of the LogServ and Sentinel integration, explaining the process flow and the roles involved. They demonstrated how to deploy the solution from the Sentinel Content Hub and share credentials with SAP.
    • Process Flow: Martin and Bastian explained the process flow of the LogServ and Sentinel integration, starting with the deployment from the Sentinel Content Hub and sharing credentials with SAP.
    • Roles Involved: They highlighted the roles involved in the process, including the security operator and the TSM or CDM from SAP, who are responsible for managing the integration.
    • Deployment Steps: Bastian demonstrated the steps to deploy the solution from the Sentinel Content Hub, including creating the data collection endpoint and configuring the necessary authentication.
  • Deploying the Solution:
  • Bastian demonstrated the deployment of the Sentinel solution, showing the steps to install the SAP LogServ integration from the Content Hub and configure the data collection endpoint.
    • Resource Group: Bastian created a dedicated resource group for the demo, containing a Log Analytics workspace, and onboarded it to Sentinel.
    • Content Hub: He navigated to the Content Hub in Sentinel and installed the SAP LogServ integration module for S/4HANA Cloud Private Edition.
    • Connector Page: Bastian showed how to open the connector page and deploy the push connector resources, which include the data collection endpoint and app registration.
  • Access Control and Permissions:
  • Bastian explained the access control and permissions setup for the data collection rule, highlighting the role assignments and the importance of secure authentication between Azure tenants.
    • Role Assignments: Bastian explained the role assignments for the data collection rule, including the Monitoring Metrics Publisher role assigned to the app registration.
    • Secure Authentication: He emphasized the importance of secure authentication between Azure tenants, ensuring that only authorized identities can publish data to the Log Analytics workspace.
    • Long-Term Integration: Hemanth added that the secure authentication setup provides a long-term integration solution, avoiding temporary access keys and ensuring a more secure and stable connection.
  • Querying Log Data:
  • Bastian demonstrated how to query log data in the Log Analytics workspace, showing how to filter and analyze logs from different sources, including HANA database logs.
    • Log Sources: Bastian showed how to query log data from different sources, including Linux, DNS, Windows, SAP web dispatcher, proxy, and HANA logs.
    • HANA Logs: He demonstrated how to filter and analyze HANA database logs, extracting specific details such as host system, severity, and user actions.
    • Parsing Data: Bastian explained how to parse the raw log data to extract meaningful information, using KQL queries to split and categorize the data.
  • Filtering Log Data:
  • Martin discussed the importance of filtering log data to avoid overwhelming users with unnecessary information. He provided guidelines on how to filter logs based on their relevance and volume.
    • Relevance and Volume: Martin emphasized the importance of filtering log data based on relevance and volume to avoid overwhelming users with unnecessary information.
    • Guidelines: He provided guidelines on how to filter logs, including selecting specific log sources and using KQL queries to discard irrelevant data.
    • Customer Feedback: Martin mentioned that customer feedback is crucial in determining which logs are most relevant and useful for different use cases, such as threat protection and compliance.
  • Future Plans:
  • Hemanth and Martin discussed future plans for enhancing the LogServ integration with more security services and advanced analytics capabilities. They emphasized the importance of customer feedback in shaping the development of the solution.
    • Security Services: Hemanth mentioned plans to enhance LogServ with more security services, providing advanced observability and detection capabilities.
    • Advanced Analytics: They discussed the potential for advanced analytics capabilities, allowing customers to configure alerts and reduce white noise in their log data.
    • Customer Feedback: Both Hemanth and Martin emphasized the importance of customer feedback in shaping the development of the solution, ensuring it meets the needs of different use cases and security standards.