SAP QRadar Integration – Sending SAP Security Events to QRadar using LEEF Format
SAP QRadar integration, including sending real-time SAP security events to QRadar, can be accomplished with Enterprise Threat Monitor (ETM) in a couple of steps. ETM has over 300 SAP-specific threat detection cases built in, which include 0-day SAP attack signatures, common attacks such as using debugging on SAP to bypass authorizations, and compliance-related issues such as SAP account sharing or download of customer master data.
To connect QRadar with SAP security events, Enterprise Threat Monitor uses the native interfaces of SAP and analyzes the real-time SAP security events using its correlation engine. ETM then uses machine learning to eliminate false positives and noise.
Further configuration of customer-specific Z* or Y* tables, reports and SAP transactions can be easily accomplished in the Enterprise Threat Monitor customizations screen.
The result is high-quality offense information in IBM QRadar LEEF format, which is ready to be consumed by QRadar.