You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sap/cross-workspace.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -48,7 +48,7 @@ A common practice is to provide some or all of the SOC team members with the **S
48
48
49
49
Creating separate workspaces for the SAP and SOC data has these benefits:
50
50
51
-
- Microsoft Sentinel can create alerts that include both SOC and SAP data, and to run those alerts on the SOC workspace.
51
+
- Microsoft Sentinel can trigger alerts that include both SOC and SAP data, and run those alerts on the SOC workspace.
52
52
53
53
> [!NOTE]
54
54
> For larger SAP landscapes, running queries made by the SOC on data from the SAP workspace can impact performance, because the SAP data must travel to the SOC workspace when being queried. For improved performance and cost optimizations, consider having both the SOC and SAP workspaces on the same [dedicated cluster](../../azure-monitor/logs/logs-dedicated-clusters.md?tabs=cli#cluster-pricing-model).
@@ -62,13 +62,13 @@ This table maps out the access of data and features for the SAP and SOC teams in
|SAP incident access and collaboration |✅|✅|
68
68
69
69
## Scenario 2: SAP data is kept in the SOC workspace
70
70
71
-
In this scenario, you want to keep all of the data in one workspace. You can do this using Log Analytics to [manage access to data by resource](../resource-context-rbac.md). You can also associate SAP resources with an Azure resource ID by specifying the required `azure_resource_id` field in the connector configuration section on the data collector used to ingest data from the SAP system into Microsoft Sentinel.
71
+
In this scenario, you want to keep all of the data in one workspace and to apply access controls. You can do this using Log Analytics to [manage access to data by resource](../resource-context-rbac.md). You can also associate SAP resources with an Azure resource ID by specifying the required `azure_resource_id` field in the [connector configuration section](reference-systemconfig.md#connector-configuration-section) on the data collector used to ingest data from the SAP system into Microsoft Sentinel.
72
72
73
73
:::image type="content" source="media/cross-workspace/sap-cross-workspace-combined.png" alt-text="Diagram of working with the Microsoft Sentinel solution for SAP® applications using the same workspace for the SAP and SOC data." border="false":::
Copy file name to clipboardExpand all lines: articles/sentinel/sap/deploy-sap-security-content.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -60,11 +60,12 @@ To deploy SAP solution security content, do the following:
60
60
1. Under **Configure the workspace where the SOC data resides in**, select the SOC subscription and workspace.
61
61
1. Under **Configure the workspace where the SAP data resides in**, select the SAP subscription and workspace.
62
62
63
-
For example:
63
+
For example:
64
64
65
-
:::image type="content" source="./media/deploy-sap-security-content/sap-multi-workspace.png" alt-text="Screenshot of how to configure the Microsoft Sentinel solution for SAP® applications to work across multiple workspaces.":::
65
+
:::image type="content" source="./media/deploy-sap-security-content/sap-multi-workspace.png" alt-text="Screenshot of how to configure the Microsoft Sentinel solution for SAP® applications to work across multiple workspaces.":::
66
66
67
-
If you want the SOC and SAP data to be kept on the same workspace, review [this scenario](cross-workspace.md#scenario-2-sap-data-is-kept-in-the-soc-workspace).
67
+
> [!Note]
68
+
> If you want the SAP and SOC data to be kept on the same workspace with no additional access controls, do not select **Some of the data is on a different workspace**. If you want the SOC and SAP data to be kept on the same workspace, but to apply additional access controls, review [this scenario](cross-workspace.md#scenario-2-sap-data-is-kept-in-the-soc-workspace).
68
69
69
70
1. Select **Next** to cycle through the **Data Connectors**, **Analytics**, and **Workbooks** tabs, where you can learn about the components that will be deployed with this solution.
0 commit comments