articles/sentinel/monitor-sap-system-health.md (2 additions & 2 deletions)
@@ -33,8 +33,8 @@ This article describes how to use the following features, which allow you to per
33
33
|---------|---------|---------|---------|
34
34
|Agent name |Unique ID of the installed data connector agent. |||
35
35
|SID |The name of the connected SAP system ID (SID). |||
36
-
|Health |Indicates whether the SID is healthy. To troubleshoot health issues, [review the container execution logs](sap/sap-deploy-troubleshoot.md#view-all-container-execution-logs) and review other [troubleshooting steps](sap/sap-deploy-troubleshoot.md). |The **System healthy** status indicates that Microsoft Sentinel identified both logs and a heartbeat from the system system. Additional statuses, like **System unreachable for over 1 day**, indicate the connectivity status. ||
37
-
|System role |Indicates whether the system is productive or not. The data connector agent retrieves the value by reading the SAP T000 table. This value also impacts billing. To change the role, a SAP admin needs to change the configuration in the SAP system. | <ul><li>**Production**. The system is defined by the SAP admin as a production system.</li><li>**Unknown (Production)**. Microsoft Sentinel couldn't retrieve the system status. Microsoft Sentinel regards this type of system as a production system for both security and billing purposes.</li><li>**Non production**. Indicates roles like developing, testing, and customizing.</li><li>**Agent update available**. Displayed in addition to the health status to indicate that a newer SAP connector version exists. In this case, we recommended that you [update the connector](sap/update-sap-data-connector.md).</li</ul> | If the system role is **Production (unknown)**, check the Microsoft Sentinel role definitions and permissions on the SAP system, and validate that the system allows Microsoft Sentinel to read the content of the T000 table. Next, consider [updating the SAP connector](sap/update-sap-data-connector.md) to the latest version. |
36
+
|Health |Indicates whether the SID is healthy. To troubleshoot health issues, [review the container execution logs](sap/sap-deploy-troubleshoot.md#view-all-container-execution-logs) and review other [troubleshooting steps](sap/sap-deploy-troubleshoot.md). |The **System healthy** status indicates that Microsoft Sentinel identified both logs and a heartbeat from the system. Other statuses, like **System unreachable for over 1 day**, indicate the connectivity status. ||
37
+
|System role |Indicates whether the system is productive or not. The data connector agent retrieves the value by reading the SAP T000 table. This value also impacts billing. To change the role, an SAP admin needs to change the configuration in the SAP system. |• **Production**. The system is defined by the SAP admin as a production system.<br>• **Unknown (Production)**. Microsoft Sentinel couldn't retrieve the system status. Microsoft Sentinel regards this type of system as a production system for both security and billing purposes.<br>• **Non production**. Indicates roles like developing, testing, and customizing.<br>• **Agent update available**. Displayed in addition to the health status to indicate that a newer SAP connector version exists. In this case, we recommended that you [update the connector](sap/update-sap-data-connector.md). | If the system role is **Production (unknown)**, check the Microsoft Sentinel role definitions and permissions on the SAP system, and validate that the system allows Microsoft Sentinel to read the content of the T000 table. Next, consider [updating the SAP connector](sap/update-sap-data-connector.md) to the latest version. |
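Review bot: The added System role row names the status **Unknown (Production)** in the third column but tells the reader what to do for **Production (unknown)** in the fourth. Use the string the portal actually displays in both cells, since the row says this status decides how the system is treated for security and billing. The same row still reads "we recommended that you", which should be "we recommend that you". Also reconsider listing **Agent update available** among the system role values: the row itself says it is displayed in addition to the health status, so it reads as belonging with the Health row.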
articles/sentinel/sap/deployment-overview.md (2 additions & 2 deletions)
@@ -9,7 +9,7 @@ ms.date: 04/12/2022
9
9
10
10
# Deploy Microsoft Sentinel Solution for SAP
11
11
12
-
This article introduces you to the process of deploying the Microsoft Sentinel Solution for SAP. The full process is detailed in a whole set of articles linked under [Deployment milestones](#deployment-milestones) below.
12
+
This article introduces you to the process of deploying the Microsoft Sentinel Solution for SAP. The full process is detailed in a whole set of articles linked under [Deployment milestones](#deployment-milestones).
13
13
14
14
> [!NOTE]
15
15
> If needed, you can [update an existing Microsoft Sentinel for SAP data connector](update-sap-data-connector.md) to its latest version.
@@ -30,7 +30,7 @@ This article introduces you to the process of deploying the Microsoft Sentinel S
30
30
> - Microsoft Sentinel identifies a production system by looking at the configuration on the SAP system. To do this, Microsoft Sentinel searches for a production entry in the T000 table.
31
31
> -[View the roles of your connected production systems](../monitor-sap-system-health.md).
32
32
33
-
The Microsoft Sentinel for SAP data connector is an agent, installed on a VM or a physical server, that collects application logs from across the entire SAP system landscape. It then sends those logs to your Log Analytics workspace in Microsoft Sentinel. You can then use the other content in the Threat Monitoring for SAP solution – the analytics rules, workbooks, and watchlists – to gain insight into your organization's SAP environment and to detect and respond to security threats.
33
+
The Microsoft Sentinel for SAP data connector is an agent, installed on a VM or a physical server that collects application logs from across the entire SAP system landscape. It then sends those logs to your Log Analytics workspace in Microsoft Sentinel. You can then use the other content in the Threat Monitoring for SAP solution – the analytics rules, workbooks, and watchlists – to gain insight into your organization's SAP environment and to detect and respond to security threats.
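Review bot: Removing the comma after "physical server" in the added line leaves the phrase "installed on a VM or a physical server" opened by a comma but never closed, so "that collects application logs" now attaches to the server rather than to the agent. Restore the comma, or restructure so the subject is unambiguous, for example "is an agent that is installed on a VM or a physical server and collects application logs from across the entire SAP system landscape."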
-[Microsoft Purview Information Protection connector (Preview)](#microsoft-purview-information-protection-connector-preview)
24
24
25
-
### Monitor SAP system health (Preview)
25
+
### Monitor SAP system health and role (Preview)
26
26
27
-
To ensure proper functioning and performance of your SAP systems, you can now [monitor health information for your SAP systems](monitor-sap-system-health.md)under the SAP data connector, and use an alert rule template to get information about the health of the SAP agent's data collection.
27
+
To ensure proper functioning and performance of your SAP systems, you can now use the SAP data connector page to [monitor information about the health of your SAP systems](monitor-sap-system-health.md)and the status of the SAP roles for the system. You can also use an alert rule template to get information about the health of the SAP agent's data collection.
28
28
29
29
### New incident investigation experience (Preview)
30
30
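Review bot: The added paragraph has no space between the link and the following word, "(monitor-sap-system-health.md)and the status", so the rendered text runs together as "systemsand". The removed line had the same defect with ")under", so it should be fixed while the sentence is being rewritten. The new heading says "health and role" while the paragraph says "the status of the SAP roles for the system"; using "system role" in both places would match the term the heading introduces.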
@@ -216,7 +216,7 @@ Learn how to [add a condition based on a custom detail](create-manage-use-automa
216
216
217
217
### Add advanced "Or" conditions to automation rules (Preview)
218
218
219
-
You can now add OR conditions to automation rules. Also known as condition groups, these allow you to combine several rules with identical actions into a single rule, greatly increasing your SOC's efficiency.
219
+
You can now add OR conditions or condition groups to automation rules. These conditions allow you to combine several rules with identical actions into a single rule, greatly increasing your SOC's efficiency.
220
220
221
221
For more information, see [Add advanced conditions to Microsoft Sentinel automation rules](add-advanced-conditions-to-automation-rules.md).
222
222
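Review bot: "OR conditions or condition groups" in the added line reads as two different features, whereas the removed line stated that condition groups are another name for OR conditions. If the two terms mean the same thing, keep that equivalence explicit, for example "OR conditions, also known as condition groups,". With the current wording, "These conditions" in the next sentence also no longer clearly covers condition groups.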
@@ -271,7 +271,7 @@ Microsoft Sentinel **incidents** have two main sources:
271
271
272
272
- They are ingested directly from other connected Microsoft security services (such as [Microsoft 365 Defender](microsoft-365-defender-sentinel-integration.md)) that created them.
273
273
274
-
There can, however, be data from sources *not ingested into Microsoft Sentinel*, or events not recorded in any log, that justify launching an investigation. For this reason, Microsoft Sentinel now allows security analysts to manually create incidents from scratch for any type of event, regardless of its source or associated data, in order to manage and document the investigation.
274
+
However, in some cases, data from sources *not ingested into Microsoft Sentinel*, or events not recorded in any log, may justify launching an investigation. For this reason, Microsoft Sentinel now allows security analysts to manually create incidents from scratch for any type of event, regardless of its source or associated data, in order to manage and document the investigation.
275
275
276
276
Since this capability raises the possibility that you'll create an incident in error, Microsoft Sentinel also allows you to delete incidents right from the portal as well.
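Review bot: In the added line, "may justify" can be read as permission rather than possibility; "might justify" is unambiguous. While this paragraph is being edited, the unchanged context line that follows has the redundant pair "also allows you to delete incidents right from the portal as well", where one of "also" or "as well" should go.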