articles/sentinel/sap/select-ingestion-profiles.md
Lines changed: 7 additions & 3 deletions
@@ -9,7 +9,11 @@ ms.date: 01/03/2023
9
9
10
10
# Select SAP ingestion profile
11
11
12
-
This article explains how to select the profile for you SAP solution. We recommend that you select an ingestion profile that maximizes your security coverage while meeting your budget requirements. As one way to select a profile, you can turn on all logs for a while, and then reevaluate the ingestion profile according the expected cost related to the ingestion. If needed, you can [simulate expected costs](../billing-monitor-costs.md).
12
+
This article explains how to select the profile for your SAP solution. We recommend that you select an ingestion profile that maximizes your security coverage while meeting your budget requirements.
13
+
14
+
Because SAP is a business application, and business processes tend to be seasonal, it may be difficult to predict the overall volume of logs over time. To address this issue, we recommend that you keep all logs on for two weeks, and learn from the observed activity. This learning can later be revised during business activity peaks, or major landscape transformations.
15
+
16
+
As one way to select a profile, you can turn on all logs for a while, and then reevaluate the ingestion profile according to the expected cost related to the ingestion. If needed, you can [simulate expected costs](../billing-monitor-costs.md).
13
17
14
18
The following sections show typical customer configuration profiles for SAP log ingestion.
15
19
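Review bot: The third added paragraph ("As one way to select a profile, you can turn on all logs for a while, ...") repeats the second added paragraph, which already recommends keeping all logs on for two weeks, so the vague "for a while" now sits next to a concrete figure. Suggest merging the two: keep the two-week recommendation and fold the cost reevaluation and the "simulate expected costs" link into it. In the second paragraph, "This learning can later be revised" does not say what is revised; consider stating that the selected profile should be revisited during business activity peaks or major landscape transformations.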
@@ -19,7 +23,7 @@ This profile includes complete coverage for:
19
23
20
24
- Built-in analytics
21
25
- The SAP user authorization master data tables, with users and privilege information
22
-
- The ability to track changes and activities on the SAP landscape. This profile provides additional logging to allow for post-breach investigations and extended hunting abilities.
26
+
- The ability to track changes and activities on the SAP landscape. This profile provides more logging information to allow for post-breach investigations and extended hunting abilities.
23
27
24
28
### systemconfig.ini file
25
29
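Review bot: In the changed bullet, "more logging information" is a comparative with no stated baseline; the surrounding lines do not say what this profile logs more than. Suggest naming the comparison (for example, the detection focused profile described later in the file), so a reader choosing between profiles can tell what the extra ingestion buys for post-breach investigations and hunting.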
@@ -74,7 +78,7 @@ USRACL_FULL = False
74
78
75
79
## Detection focused profile
76
80
77
-
This profile includes the core security logs of the SAP landscape required for the majority of the analytic rules to perform well. Post-breach investigations and hunting capabilities are limited.
81
+
This profile includes the core security logs of the SAP landscape required for the most of the analytics rules to perform well. Post-breach investigations and hunting capabilities are limited.
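Review bot: The replacement sentence reads "required for the most of the analytics rules", which is ungrammatical; the stray "the" before "most" looks like a leftover from "the majority of". Suggest "required for most of the analytics rules to perform well". The file also uses "Built-in analytics" in the earlier profile's list, so check that "analytics rules" here matches the term used elsewhere in the article.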