You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sap/workloads/rise-integration-security.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,13 +37,13 @@ SSO against Active Directory (AD) of your Windows domain for ECS/RISE managed SA
37
37
38
38
It can be used with any data source that Defender XDR and Sentinel support, including SAP RISE/ECS. Below shows the stand-alone experience.
39
39
40
-
:::image type="complex" source="./media/sap-rise-integration/sap-rise-security-copilot.png" alt-text="Using Copilot for Security with SAP RISE/ECS":::
40
+
:::image type="complex" source="./media/sap-rise-integration/sap-rise-security-copilot.png" alt-text="Using Copilot for Security with SAP RISE/ECS incidents":::
41
41
This image shows an example of the Microsoft Copilot for Security experience using an prompt to investigate an SAP incident.
42
42
:::image-end:::
43
43
44
44
In addition to that the Copilot for Security experience is embedded on the Defender XDR portal. Next to an AI-generated summary, recommendations and remediation like password reset for SAP are provided out-of-the-box. Learn more about automatic SAP attack disruption [here](../../sentinel/sap/deployment-attack-disrupt.md).
45
45
46
-
:::image type="complex" source="./media/sap-rise-integration/sap-rise-security-copilot-defender-portal.png" alt-text="Using Copilot for Security with SAP RISE/ECS":::
46
+
:::image type="complex" source="./media/sap-rise-integration/sap-rise-security-copilot-defender-portal.png" alt-text="Using embedded Copilot for Security experience in Defender with SAP RISE/ECS incidents":::
47
47
This image shows an example of Microsoft Copilot for Security analyzing an incident detected on SAP RISE through Defender XDR. Data ingestion is done through the Microsoft Sentinel solution for SAP applications.
48
48
:::image-end:::
49
49
@@ -69,9 +69,9 @@ To enable the solution, only an authorized RFC user is required and nothing need
69
69
- Only RFC based connections are possible currently with SAP RISE/ECS environments
70
70
71
71
> [!IMPORTANT]
72
-
> Running Microsoft Sentinel in an SAP RISE/ECS environment requires:
73
-
> - Importing an SAP transport change request for the following log fields/source: Client IP address information from SAP security audit log, DB table logs (preview), spool output log. Sentinel's built-in content (detections, workbooks and playbooks) provides extensive coverage and correlation without those log sources.
74
-
> - SAP infrastructure and operating system logs aren't available to Sentinel in RISE, including VMs running SAP, SAPControl data sources, network resources placed within ECS. SAP monitors elements of the Azure infrastructure and operation system independently.
72
+
>
73
+
> -Running Microsoft Sentinel in an SAP RISE/ECS environment requires: Importing an SAP transport change request for the following log fields/source: Client IP address information from SAP security audit log, DB table logs (preview), spool output log. Sentinel's built-in content (detections, workbooks and playbooks) provides extensive coverage and correlation without those log sources.
74
+
> - SAP infrastructure and operating system logs aren't available to Sentinel in RISE, due to shared responsibility model.
75
75
76
76
### Automatic response with Sentinel's SOAR capabilities
0 commit comments