Microsoft Sentinel solution for SAP® applications
Protect business-critical data within SAP systems and applications from advanced threats
Guard critical data against advanced threats
SAP systems and applications handle massive amounts of sensitive data that is hosted on Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS), or on-premises infrastructure. The SAP ecosystem is complex and difficult for security operations (SecOps) teams to effectively monitor and protect. The Microsoft Sentinel solution for SAP® applications allows you to monitor, detect, and respond to suspicious activities and guard your business-critical data against sophisticated cyberattacks.
-
Monitor all SAP system layers
Gain visibility across business logic, application, database and operating system layers with built-in investigation and threat detection tools.
-
Detect and automatically respond to threats
Discover suspicious activity including privilege escalation, unauthorised changes, sensitive transactions and suspicious data downloads with out-of-the-box detection capabilities.
-
Correlate SAP activity with other signals
Accurately detect SAP threats with data correlation from all sources and SAP infrastructure.
-
Customise based on your needs
Build your own threat detection solutions to monitor specific business risks to extend built-in security content.
Offer details
The Microsoft Sentinel solution for SAP® applications is generally available with a free promotion through April 30, 2023.
Billing will start on May 1, 2023, as an add-on charge at $2 per production system ID (SID) per hour in addition to the existing Microsoft Sentinel consumption-billing model.
See Microsoft Sentinel pricing for more information
Get started
Start ingesting data from your SAP applications into Microsoft Sentinel with the SAP data connector. The data connector is an agent, delivered as a docker container, that's installed on a virtual machine, a Kubernetes/AKS cluster, or a physical server. It collects application logs from across the entire SAP system over the SAP applicative interfaces, NetWeaver RFC and SAPControl. The SAP data connector then sends those logs and data to Microsoft Sentinel for continuous threat monitoring.
After your data is connected, use the other solution components—analytics rules for threat detection, workbooks for interactive data visualisation, and watchlists for configuration and fine-tuning—to gain insights into your organisation's SAP environment and address security threats.
Get help from a trusted partner
Microsoft has a broad set of partners to help you select, integrate, deploy, and manage security solutions. As managed service providers, Microsoft partners can offer security operations centre (SOC) services using a common SIEM solution to proactively identify security anomalies for the entire IT landscape and take corrective actions in a timely manner. With the solution's native integrations with SAP, threat detection becomes more robust, and creation of compliance reports and dashboards can be automated.
Contact a Microsoft partner for:
- Deploying Microsoft Sentinel for threat protection on SAP.
- Securing SAP on Azure with native cloud security controls.
Additional resources
Prerequisites for deploying SAP continuous threat monitoring in Microsoft Sentinel
Deploy and configure the Microsoft Sentinel SAP data connector agent container
Microsoft Sentinel solution for SAP® applications security content reference
Microsoft Sentinel solution for SAP® applications data reference
Frequently asked questions
-
The SAP data connector agent supports SAP NetWeaver systems and requires preparation steps on the SAP side of the integration and in Azure. For more information, refer to the SAP prerequisites.
-
No, we charge only for active connections to production SAP systems (SIDs) by the hour. Connecting a new system is carried from the SAP data connector after the content-hub solution installation, which is free.
-
No, systems configured for development and test usage aren't charged.
-
No, we note only for SAP application data collection triggered by connecting our SAP connector to SAP SIDs (instances). Only connected instances are billed by the hour.
-
The SAP-specific cost is determined by the number of systems connected. Microsoft Sentinel ingestion costs may vary and are determined by the number of logs collected.
-
Yes, you can integrate with SAP Rise NetWeaver-based systems.