Learn Editor: Update sap-btp-solution-overview.md

MartinPankraz · MartinPankraz · commit 74577d46559c · 2025-07-25T09:38:07.000+02:00
diff --git a/articles/sentinel/sap/sap-btp-solution-overview.md b/articles/sentinel/sap/sap-btp-solution-overview.md
@@ -19,11 +19,16 @@ The Microsoft Sentinel solution for SAP BTP monitors and protects your SAP Busin
 
 ## Solution architecture
 
-The following image illustrates how Microsoft Sentinel retrieves the complete BTP's audit log information. The Microsoft Sentinel solution for SAP BTP provides built-in analytics rules and detections for selected scenarios, which you can extend to cover more of the audit log information and events.
+The following image illustrates how Microsoft Sentinel retrieves the complete BTP's audit log information using SAP Audit Log Management service. The Microsoft Sentinel solution for SAP BTP provides built-in analytics rules and detections for selected scenarios, which you can extend to cover more of the audit log information and events.
 
 :::image type="content" source="media/deploy-sap-btp-solution/sap-btp-solution-overview.png" alt-text="Diagram that shows an SAP BTP landscape integrated with Microsoft Sentinel." lightbox="media/deploy-sap-btp-solution/sap-btp-solution-overview.png" border="false":::
 
 
+Learn more about the built-in events that SAP BTP logs via their service from the [SAP documentation](https://help.sap.com/docs/btp/sap-business-technology-platform/security-events-logged-by-cf-services).
+
+> [!NOTE]
+> Custom apps developed on SAP BTP using the Cloud Foundry environment, SAP Cloud Application Programming (CAP) Model, etc. don't write to the SAP Audit Log Management service by default. Only app sign-ins via XSUAA, the SAP Cloud Identity Service, or activity on linked SAP standard services are tracked automatically. Audit relevant events on custom apps internal logic need to be implemented by the app developer. See [this SAP documentation](https://cap.cloud.sap/docs/guides/data-privacy/audit-logging#use-sap-audit-log-service) for details on how to do it with CAP.
+
 ## Why it's important to monitor BTP activity
 
 While low-code development platforms have become increasingly popular among businesses looking to accelerate their application development processes, there are also security risks that organizations must consider. One key concern is the risk of security vulnerabilities introduced by citizen developers, some of whom might lack the security awareness of traditional pro-dev community. To counter these vulnerabilities, it's crucial for organizations to quickly detect and respond to threats on BTP applications.
