What is the SAP Security Audit Log?
SAP security audit log is the main location for the traces of events triggered by the system or by applications, which are related to security. It has a table like form. Based on the configuration which event types must be recorded, it saves the data to the disk on the SAP application server instance.
How can I analyze the SAP security audit logs?
You can use SAP’s SM20 transaction to analyze the raw logs. However, this has many limitations. Our solution Enterprise Threat Monitor analyzes SAP security logs of SAP ABAP, Java, and Hana systems using more than 300 built-in threat detection cases for detecting attacks and suspicious activity as well as compliance violations in real-time.
Enterprise Threat Monitor correlates the SAP security logs in real-time, eliminates noise and false positives using adaptive noise reduction and machine learning and sends alerts or SMS messages if attacks are detected or if something suspicious happens.