Wat is SAP Enterprise Threat Detection Fundamentals
In this course you will learn how to use SAP Enterprise Threat Detection (ETD) to secure and monitor the security of your SAP landscape. The main objective of the course is to understand how the different features of the product can be used, like Alert Processing, Forensic Analysis and Threat Hunting, Security Monitoring, customizing of the SAP delivered Alert Detection Patterns, building of the customer/LOB specific Alert Detection Patterns. An important focus is given to the understanding of the different Log Data coming out of SAP ERP systems.
A technical overview shows the different components of ETD on how it can be set up in different modes (e.g. High Availability set up alternatives), and how to connect to the various log sources (especially ABAP-based SAP Systems).
Furthermore, the different APIs are discussed to import and export log data into/from ETD, or to push or poll the Alerts from ETD into other Security products.
Another important aspect within the course is the setup of processes on how to organize security event monitoring, Alert handling, Security Analysis, and how to build Standard Operation procedures based on Alerts. Course based on software release: SAP Enterprise Threat Detection installed on a HANA in Memory Database plus an S4H ERP system
This course will prepare you to:
- Understand what SAP Enterprise Threat Detection is, what it does and how it works
- Have a basic understanding of technical components, system connections and setup options
- Get a detailed view into the different log data especially coming out of the SAP ERP systems
- Understand how to ingest non-pre-learned/non-SAP log data into ETD
- Understand the semantic data model of ETD, i.e. semantic log events and semantic attributes
- Get a detailed understanding how to process alerts in ETD
- Get a detailed understanding how to do Security Analysis in ETD and Threat Hunting
-
Contents:
Introduction
Technical Overview – Solution Architecture
Technical Overview – Log Sources
Semantic Data Model
Technical Overview – System Landscape, Sizing and High Availability
Readiness Checks and Troubleshooting/Monitoring (Hana Cockpit- Tools/Smart Data Streaming)
Pattern Creation Introduction
Technical Overview – High Availability, Log-Loss Prevention, Pattern Replay
Integration Scenarios - 3rd Party to ETD
Integration Scenarios - ETD to 3rd Party
Onboarding Lifecycle Overview
Alert Processing
Business Process Threat Patterns
Pseudonymization of User Data
Monitoring Dashboard
Compliance (Retention period, ETD logs, Who did what in ETD?)
Good Practices on Onboarding Lifecycle
Read Access Logging and UI logging as Special Log Sources
Pattern Building Best Practices
Custom Extensions
