Episode #245
Introduction
In episode 245 of our SAP on Azure video podcast we talk about security threat detection with SAP.
SAP threat monitoring tools like SAP Enterprise Threat Detection (ETD) enable real-time monitoring of security events in SAP systems. On the Microsoft side we track and catch a lot of security events using Microsoft Sentinel. Luckily there is a native integration of ETD with Sentinel. To show us how this integration actually works, I am happy to have Michael Schmitt from SAP and our own Martin Pankraz with us again today.
Find all the links mentioned here: https://www.saponazurepodcast.de/episode245
Reach out to us for any feedback / questions:
- Robert Boban: https://www.linkedin.com/in/rboban/
- Goran Condric: https://www.linkedin.com/in/gorancondric/
- Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/
#Microsoft #SAP #Azure #SAPonAzure #Security #ETD #Sentinel
Summary created by AI
- Holger introduced the episode and the presenters, Michael Schmitt from SAP and Martin Pankraz from Microsoft, who discussed SAP Enterprise Threat Detection (ETD) and its integration with Microsoft Sentinel.
- Introduction: Holger welcomed the audience to episode 245 of the SAP on Azure video podcast, introducing Michael Schmitt from SAP and Martin Pankraz from Microsoft. He mentioned that the focus of the episode would be on SAP Enterprise Threat Detection (ETD) and its integration with Microsoft Sentinel.
- Michael's Role: Michael Schmitt gave a brief introduction to his role at SAP, mentioning that he is a product manager for SAP Enterprise Threat Detection Cloud Edition and has been with SAP since 1999.
- Martin's Role: Martin Pankraz introduced himself as part of Azure Core at Microsoft, focusing on the product experience for SAP workloads within the Microsoft product groups, with a focus on Azure Defender for Cloud and Sentinel.
- Overview of SAP Enterprise Threat Detection:
  - Michael Schmitt provided an overview of SAP Enterprise Threat Detection Cloud Edition, explaining its real-time security monitoring and alerting capabilities at the SAP application level, covering public cloud, private cloud, and hybrid scenarios.
  - ETD Capabilities: Michael explained that SAP Enterprise Threat Detection (ETD) Cloud Edition provides real-time security monitoring and alerting, especially at the SAP application level. It supports public cloud, private cloud, and hybrid environments.
  - Supported Systems: Michael detailed the types of systems supported by ETD, including SAP S/4HANA systems, SAP HANA databases, web dispatchers, and application servers, in both public and private cloud scenarios.
  - Hybrid Scenarios: Michael emphasized ETD's support for hybrid scenarios, where data can be collected from sources such as on-premises systems, public cloud environments, and SAP Business Technology Platform (BTP).
  - Managed Service: Michael mentioned that ETD is also available as a subscribable managed service, which is particularly useful for customers who do not have the skill set to operate ETD themselves.
- Integration with Microsoft Sentinel:
  - Martin Pankraz discussed the integration of SAP ETD with Microsoft Sentinel, highlighting the benefits of unified alert management, cross-platform attack graph visualization, and shared threat intelligence.
  - Integration Benefits: Martin highlighted the benefits of integrating SAP ETD with Microsoft Sentinel, including unified alert management, cross-platform attack graph visualization, and shared threat intelligence.
  - Customer Reactions: Martin shared that the integration was driven by customer reactions and feedback, in particular from a live hack event where participants expressed strong interest in seeing ETD integrated with Sentinel.
  - Unified Alerts: Martin explained that the integration provides unified alert management: alerts from ETD can be viewed and managed within Sentinel, giving security operations a single pane of glass.
  - Attack Graph: Martin discussed the importance of a cross-platform attack graph, which correlates signals from various sources, including ETD, to provide a comprehensive view of security events.
  - Shared Intelligence: Martin emphasized the value of shared threat intelligence, where data from ETD enriches the security insights available in Sentinel and supports more effective threat detection and response.
- Customer Feedback and Hackathon Results:
  - Martin Pankraz shared the results of a live survey conducted during a hackathon, which showed that customers valued unified alert management, cross-platform attack graph visualization, and shared threat intelligence the most.
  - Hackathon Overview: Martin described the hackathon event where the integration of ETD with Sentinel was showcased. Participants were asked for their feedback on the integration.
  - Survey Results: Martin shared the results of a live survey conducted during the hackathon, which indicated that customers highly valued unified alert management, cross-platform attack graph visualization, and shared threat intelligence.
  - Customer Priorities: Martin noted that the survey results helped prioritize the development effort, focusing on the features customers found most valuable, such as unified alert management and shared threat intelligence.
- Hands-On Workshop:
  - Martin Pankraz and Holger discussed the hands-on workshop available on GitHub, which lets participants replicate the hackathon scenario and understand the integration of SAP ETD with Microsoft Sentinel.
  - Workshop Availability: Martin and Holger discussed the availability of a hands-on workshop on GitHub, which lets participants replicate the hackathon scenario and understand the integration of SAP ETD with Microsoft Sentinel.
  - Workshop Content: Martin explained that the workshop includes a detailed guide on setting up an attack lab environment, creating phishing links, analyzing the resulting data in ETD and Sentinel, and generating remediation steps.
  - Participant Feedback: Holger mentioned that feedback from participants who have completed the workshop has been very positive, highlighting the value of understanding the risks and mitigations involved in security monitoring.
  - Setup Requirements: Holger noted that setting up the workshop environment can take some time, especially outside a guided setup, but emphasized that the effort is worthwhile for the insights gained.
- Demonstration of SAP ETD and Sentinel Integration:
  - Martin Pankraz and Michael Schmitt demonstrated the integration of SAP ETD with Microsoft Sentinel, showing how alerts from SAP ETD are ingested into Sentinel and how they can be analyzed and correlated with other security events.
  - Demo Setup: Martin and Michael demonstrated the integration by executing a function module in SAP that was not supposed to be accessed, showing how ETD raises the alert and sends it to Sentinel.
  - Alert Analysis: Michael showed how the alert is managed within ETD, including details such as the user, the system, and the event that triggered the alert. He explained how this information is then transferred to Sentinel.
  - Sentinel Correlation: Martin demonstrated how the alert from ETD is ingested into Sentinel, where it can be correlated with other security events to provide a comprehensive view of the incident.
  - Incident Management: Martin showed how Sentinel's incident management capabilities can be used to investigate and respond to the alert, including viewing detailed information and taking remediation actions.
  - Unified View: Martin emphasized the value of a unified view of security events from ETD and other sources within Sentinel, enabling more effective threat detection and response.
- Configuration and Setup:
  - Martin Pankraz explained the configuration and setup process for integrating SAP ETD with Microsoft Sentinel, including the prerequisites and the steps for connecting the two systems.
  - Prerequisites: Martin outlined the prerequisites for integrating SAP ETD with Microsoft Sentinel: a client ID and secret from ETD, and permission to write to the underlying Log Analytics workspace.
  - Connection Steps: Martin detailed the steps for connecting ETD to Sentinel: adding the account, supplying the required values from the ETD service key, and authenticating against the OData API.
  - Ease of Setup: Martin and Holger discussed the simplicity of the setup process, attributing it to the cloud-based nature of ETD and the standardized authentication mechanisms used.
- Future Plans and Customer Feedback:
  - Martin Pankraz and Michael Schmitt emphasized the importance of customer feedback in shaping the future roadmap of the integration and encouraged participants to provide their input.
  - Feedback Importance: Martin and Michael emphasized the importance of customer feedback in shaping the future roadmap of the ETD and Sentinel integration, encouraging participants to provide their input.
  - Roadmap Items: Martin mentioned that the roadmap includes additional attributes for correlation and other enhancements based on customer needs and feedback.
  - Correlation Attributes: Michael discussed the importance of correlation attributes such as IP addresses, email addresses, and user IDs in making the integration more effective for customers.
- Conclusion and Call to Action:
  - Holger concluded the session by encouraging participants to try the hands-on workshop and provide feedback on the integration of SAP ETD with Microsoft Sentinel.
  - Workshop Encouragement: Holger concluded the session by encouraging participants to try the hands-on workshop available on GitHub to better understand the integration of SAP ETD with Microsoft Sentinel.
  - Feedback Request: Holger asked participants to provide feedback on their experience with the integration and the workshop to help improve the solution further.
- 0:00 Intro
- 1:30 Introducing Michael Schmitt and Martin Pankraz
- 4:00 SAP Security 360 - Catch what others miss!
- 4:30 SAP Enterprise Threat Detection Cloud Edition
- 10:30 Microsoft Unified SecOps portal with Sentinel Solution for SAP as a source
- 12:15 Our joint customers drive the integration scenario
- 12:30 Survey - Most valuable integrations
- 14:45 GitHub repo for the hands-on session
- 17:45 SAP ETD supplies alerts to Microsoft Sentinel for SAP for correlation with wider IT ecosystem
- 19:00 Demo - Starting with SE37 BAPI_USER_GET_DETAIL
- 21:20 Demo - Looking at ETD
- 29:30 Demo - Sentinel
- 38:50 Office connector available today
- 39:30 Blog post to help you get started