Merge pull request #239645 from limwainstein/moving-sap-auditing-page

Moving SAP auditing page

Author: ttorble

articles/sentinel/TOC.yml

@@ -965,6 +965,8 @@
         href: sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md
       - name: Prepare SAP environment
         href: sap/preparing-sap.md
+      - name: Configure auditing
+        href: sap/configure-audit.md
       - name: Deploy data connector agent
         href: sap/deploy-data-connector-agent-container.md
       - name: Deploy SAP security content
@@ -979,9 +981,7 @@
     - name: Optional deployment steps
       items: 
       - name: Configure SAP data connector to use SNC
-        href: sap/configure-snc.md
-      - name: Configure auditing
-        href: sap/configure-audit.md
+        href: sap/configure-snc.md      
       - name: Collect SAP HANA audit logs
         href: sap/collect-sap-hana-audit-logs.md
       - name: Deploy SAP connector manually

articles/sentinel/sap/collect-sap-hana-audit-logs.md

@@ -57,6 +57,7 @@ Learn more about the Microsoft Sentinel solution for SAP® applications:
 - [Deploy and configure the container hosting the SAP data connector agent](deploy-data-connector-agent-container.md)
 - [Deploy SAP security content](deploy-sap-security-content.md)
 - [Deploy the SAP data connector with SNC](configure-snc.md)
+- [Monitor the health of your SAP system](../monitor-sap-system-health.md)
 - [Enable and configure SAP auditing](configure-audit.md)
 
 Troubleshooting:

articles/sentinel/sap/configure-audit-log-rules.md

@@ -63,8 +63,12 @@ You can further configure event types that produce too many incidents using the
 |Determinism or anomalies     |If you know the event’s characteristics, you can use the deterministic capabilities. If you aren't sure how to correctly configure the event, the machine learning capabilities can decide.         |
 |SOAR capabilities     |You can use Microsoft Sentinel to further orchestrate, automate and respond to incidents that can be applied to the SAP audit log dynamic alerts. Learn about [Security Orchestration, Automation, and Response (SOAR)](../automation.md).  |
 
+## Next steps
 
+In this article, you learned how to monitor the SAP audit log using Microsoft Sentinel built-in analytics rules.
 
+- [Learn more about the SAP Audit log monitor rules](sap-solution-security-content.md#monitoring-the-sap-audit-log)
+- [Learn about the SAP Audit Log workbook](sap-audit-log-workbook.md)
 
 
 

articles/sentinel/sap/configure-audit.md

@@ -18,6 +18,33 @@ This article shows you how to enable and configure auditing for the Microsoft Se
 
 Some installations of SAP systems may not have audit log enabled by default. For best results in evaluating the performance and efficacy of the Microsoft Sentinel solution for SAP® applications, enable auditing of your SAP system and configure the audit parameters.
 
+## Deployment milestones
+
+Track your SAP solution deployment journey through this series of articles:
+
+1. [Deployment overview](deployment-overview.md)
+
+1. [Deployment prerequisites](prerequisites-for-deploying-sap-continuous-threat-monitoring.md)
+
+1. [Work with the solution across multiple workspaces](cross-workspace.md) (PREVIEW)
+
+1. [Prepare SAP environment](preparing-sap.md)
+
+1. **Configure auditing (*You are here*)**
+
+1. [Deploy data connector agent](deploy-data-connector-agent-container.md)
+
+1. [Deploy SAP security content](deploy-sap-security-content.md)
+
+1. [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md)
+
+1. Optional deployment steps   
+   - [Configure data connector to use SNC](configure-snc.md)
+   - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+   - [Configure audit log monitoring rules](configure-audit-log-rules.md)
+   - [Deploy SAP connector manually](sap-solution-deploy-alternate.md)
+   - [Select SAP ingestion profiles](select-ingestion-profiles.md)
+
 ## Check if auditing is enabled
 
 1. Sign in to the SAP GUI and run the **RSAU_CONFIG** transaction.
@@ -132,27 +159,9 @@ The following table lists Message IDs used by the Microsoft Sentinel solution fo
 
 ## Next steps
 
-Learn more about the Microsoft Sentinel solution for SAP® applications:
-
-- [Deploy Microsoft Sentinel solution for SAP® applications](deployment-overview.md)
-- [Prerequisites for deploying Microsoft Sentinel solution for SAP® applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md)
-- [Deploy SAP Change Requests (CRs) and configure authorization](preparing-sap.md)
-- [Deploy and configure the container hosting the SAP data connector agent](deploy-data-connector-agent-container.md)
-- [Deploy SAP security content](deploy-sap-security-content.md)
-- [Deploy the SAP data connector with SNC](configure-snc.md)
-- [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
-
-Troubleshooting:
-
-- [Troubleshoot your Microsoft Sentinel solution for SAP® applications deployment](sap-deploy-troubleshoot.md)
-- [Configure SAP Transport Management System](configure-transport.md)
-
-Reference files:
+In this article, you learned how to enable and configure SAP auditing for Microsoft Sentinel.
 
-- [Microsoft Sentinel solution for SAP® applications data reference](sap-solution-log-reference.md)
-- [Microsoft Sentinel solution for SAP® applications: security content reference](sap-solution-security-content.md)
-- [Kickstart script reference](reference-kickstart.md)
-- [Update script reference](reference-update.md)
-- [Systemconfig.ini file reference](reference-systemconfig.md)
+Now you are ready to deploy the data connector agent container.
 
-For more information, see [Microsoft Sentinel solutions](../sentinel-solutions.md).
+> [!div class="nextstepaction"]
+> [Deploy and configure the container hosting the data connector agent](deploy-data-connector-agent-container.md)

articles/sentinel/sap/configure-snc.md

@@ -186,6 +186,7 @@ Learn more about the Microsoft Sentinel solution for SAP® applications:
 - [Deploy SAP security content](deploy-sap-security-content.md)
 - [Deploy the Microsoft Sentinel solution for SAP® applications](configure-snc.md)
 - [Enable and configure SAP auditing](configure-audit.md)
+- [Monitor the health of your SAP system](../monitor-sap-system-health.md)
 - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
 
 Troubleshooting:

articles/sentinel/sap/deploy-data-connector-agent-container.md

@@ -23,16 +23,20 @@ Deployment of the Microsoft Sentinel solution for SAP® applications is divided
 
 1. [Prepare SAP environment](preparing-sap.md)
 
+1. [Configure auditing](configure-audit.md)
+
 1. **Deploy data connector agent (*You are here*)**
 
 1. [Deploy SAP security content](deploy-sap-security-content.md)
 
 1. [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md)
 
-1. Optional deployment steps
-   - [Configure auditing](configure-audit.md)
-   - [Configure SAP data connector to use SNC](configure-snc.md)
-
+1. Optional deployment steps   
+   - [Configure data connector to use SNC](configure-snc.md)
+   - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+   - [Configure audit log monitoring rules](configure-audit-log-rules.md)
+   - [Deploy SAP connector manually](sap-solution-deploy-alternate.md)
+   - [Select SAP ingestion profiles](select-ingestion-profiles.md)
 
 ## Data connector agent deployment overview
 

articles/sentinel/sap/deploy-sap-security-content.md

@@ -25,15 +25,19 @@ Track your SAP solution deployment journey through this series of articles:
 
 1. [Prepare SAP environment](preparing-sap.md)
 
+1. [Configure auditing](configure-audit.md)
+
 1. [Deploy data connector agent](deploy-data-connector-agent-container.md)
 
 1. **Deploy SAP security content (*You are here*)**
 
 1. [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md)
 
-1. Optional deployment steps
-   - [Configure auditing](configure-audit.md)
+1. Optional deployment steps   
    - [Configure data connector to use SNC](configure-snc.md)
+   - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+   - [Configure audit log monitoring rules](configure-audit-log-rules.md)
+   - [Deploy SAP connector manually](sap-solution-deploy-alternate.md)
    - [Select SAP ingestion profiles](select-ingestion-profiles.md)
 
 ## Deploy SAP security content
@@ -102,6 +106,7 @@ Learn more about the Microsoft Sentinel solution for SAP® applications:
 - [Deploy SAP Change Requests (CRs) and configure authorization](preparing-sap.md)
 - [Deploy and configure the container hosting the SAP data connector agent](deploy-data-connector-agent-container.md)
 - [Deploy SAP security content](deploy-sap-security-content.md)
+- [Monitor the health of your SAP system](../monitor-sap-system-health.md)
 - [Deploy the Microsoft Sentinel for SAP data connector with SNC](configure-snc.md)
 - [Enable and configure SAP auditing](configure-audit.md)
 - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)

articles/sentinel/sap/deployment-overview.md

@@ -11,6 +11,9 @@ ms.date: 04/12/2022
 
 This article introduces you to the process of deploying the Microsoft Sentinel solution for SAP® applications. The full process is detailed in a whole set of articles linked under [Deployment milestones](#deployment-milestones).
 
+> [!TIP]
+> Learn how to [monitor the health and role of your SAP systems](../monitor-sap-system-health.md).
+
 Microsoft Sentinel solution for SAP® applications is certified for SAP S/4HANA® Cloud, Private Edition RISE with SAP and SAP S/4 on-premise. Learn more about this [certification](solution-overview.md#certification).
 
 > [!NOTE]
@@ -47,10 +50,11 @@ Follow your deployment journey through this series of articles, in which you'll
 | **2. Plan architecture** | Learn about [working with the solution across multiple workspaces](cross-workspace.md) (PREVIEW) |
 | **3. Deployment prerequisites** | [Prerequisites for deploying the Microsoft Sentinel solution for SAP® applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md) |
 | **4. Prepare SAP environment** | [Deploying SAP CRs and configuring authorization](preparing-sap.md) |
-| **5. Deploy data connector agent** | [Deploy and configure the container hosting the data connector agent](deploy-data-connector-agent-container.md) |
-| **6. Deploy SAP security content** | [Deploy SAP security content](deploy-sap-security-content.md)
-| **7. Microsoft Sentinel solution for SAP® applications** | [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md) |
-| **8. Optional steps** | - [Configure auditing](configure-audit.md)<br>- [Configure Microsoft Sentinel for SAP data connector to use SNC](configure-snc.md)<br>- [Configure audit log monitoring rules](configure-audit-log-rules.md)<br>- [Select SAP ingestion profiles](select-ingestion-profiles.md) |
+| **5. Configure auditing** | [Configure auditing](configure-audit.md) |
+| **6. Deploy data connector agent** | [Deploy and configure the container hosting the data connector agent](deploy-data-connector-agent-container.md) |
+| **7. Deploy SAP security content** | [Deploy SAP security content](deploy-sap-security-content.md)
+| **8. Configure the solution** | [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md) |
+| **9. Optional steps** |- [Configure Microsoft Sentinel for SAP data connector to use SNC](configure-snc.md)<br>- [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)<br>- [Configure audit log monitoring rules](configure-audit-log-rules.md)<br>- [Deploy SAP connector manually](sap-solution-deploy-alternate.md)<br>- [Select SAP ingestion profiles](select-ingestion-profiles.md) |
 
 ## Next steps
 

articles/sentinel/sap/deployment-solution-configuration.md

@@ -31,15 +31,19 @@ Track your SAP solution deployment journey through this series of articles:
 
 1. [Prepare SAP environment](preparing-sap.md)
 
+1. [Configure auditing](configure-audit.md)
+
 1. [Deploy data connector agent](deploy-data-connector-agent-container.md)
 
 1. [Deploy SAP security content](deploy-sap-security-content.md)
 
 1. **Configure Microsoft Sentinel solution for SAP® applications (*You are here*)**
 
-1. Optional deployment steps
-   - [Configure auditing](configure-audit.md)
+1. Optional deployment steps   
    - [Configure data connector to use SNC](configure-snc.md)
+   - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+   - [Configure audit log monitoring rules](configure-audit-log-rules.md)
+   - [Deploy SAP connector manually](sap-solution-deploy-alternate.md)
    - [Select SAP ingestion profiles](select-ingestion-profiles.md)
 
 ## Configure watchlists
@@ -140,3 +144,32 @@ docker start sapcon-[SID]
 ## Remove the user role and the optional CR installed on your ABAP system
 
 To remove the user role and optional CR imported to your system, import the deletion CR *NPLK900259* into your ABAP system.
+
+## Next steps
+
+Learn more about the Microsoft Sentinel solution for SAP® applications:
+
+- [Deploy Microsoft Sentinel solution for SAP® applications](deployment-overview.md)
+- [Prerequisites for deploying Microsoft Sentinel solution for SAP® applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md)
+- [Deploy SAP Change Requests (CRs) and configure authorization](preparing-sap.md)
+- [Deploy and configure container hosting the SAP data connector agent](deploy-data-connector-agent-container.md)
+- [Deploy SAP security content](deploy-sap-security-content.md)
+- [Monitor the health of your SAP system](../monitor-sap-system-health.md)
+- [Deploy the Microsoft Sentinel for SAP data connector with SNC](configure-snc.md)
+- [Enable and configure SAP auditing](configure-audit.md)
+- [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+
+Troubleshooting:
+
+- [Troubleshoot your Microsoft Sentinel solution for SAP® applications deployment](sap-deploy-troubleshoot.md)
+- [Configure SAP Transport Management System](configure-transport.md)
+
+Reference files:
+
+- [Microsoft Sentinel solution for SAP® applications data reference](sap-solution-log-reference.md)
+- [Microsoft Sentinel solution for SAP® applications: security content reference](sap-solution-security-content.md)
+- [Kickstart script reference](reference-kickstart.md)
+- [Update script reference](reference-update.md)
+- [Systemconfig.ini file reference](reference-systemconfig.md)
+
+For more information, see [Microsoft Sentinel solutions](../sentinel-solutions.md).

articles/sentinel/sap/preparing-sap.md

@@ -49,15 +49,19 @@ Track your SAP solution deployment journey through this series of articles:
 
 1. **Prepare SAP environment (*You are here*)**
 
+1. [Configure auditing](configure-audit.md)
+
 1. [Deploy data connector agent](deploy-data-connector-agent-container.md)
 
 1. [Deploy SAP security content](deploy-sap-security-content.md)
 
 1. [Configure Microsoft Sentinel solution for SAP® applications](deployment-solution-configuration.md)
 
-1. Optional deployment steps
-   - [Configure auditing](configure-audit.md)
+1. Optional deployment steps   
    - [Configure data connector to use SNC](configure-snc.md)
+   - [Collect SAP HANA audit logs](collect-sap-hana-audit-logs.md)
+   - [Configure audit log monitoring rules](configure-audit-log-rules.md)
+   - [Deploy SAP connector manually](sap-solution-deploy-alternate.md)
    - [Select SAP ingestion profiles](select-ingestion-profiles.md)
 
 To deploy the CRs, follow the steps outlined below. The steps below may differ according to the version of the SAP system and should be considered for demonstration purposes only.
@@ -408,7 +412,7 @@ If the job exists and is configured correctly, no further steps are needed.
 
 You have now fully prepared your SAP environment. The required CRs have been deployed, a role and profile have been provisioned, and a user account has been created and assigned the proper role profile.
 
-Now you are ready to deploy the data connector agent container.
+Now you are ready to enable and configure SAP auditing for Microsoft Sentinel.
 
 > [!div class="nextstepaction"]
-> [Deploy and configure the container hosting the data connector agent](deploy-data-connector-agent-container.md)
+> [Enable and configure SAP auditing for Microsoft Sentinel](configure-audit.md)