articles/sentinel/sap/configure-audit-log-rules.md
+1 -1 (1 addition & 1 deletion)
@@ -17,7 +17,7 @@ With these rules, you can monitor all audit log events, or get alerts only when
17
17
You use two analytics rules to monitor and analyze your SAP audit log data:
18
18
19
19
-**SAP - Dynamic Deterministic Audit Log Monitor (PREVIEW)**. Alerts on any SAP audit log events with minimal configuration. You can configure the rule for an even lower false-positive rate. [Learn how to configure the rule](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
20
-
-**SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)**. Alerts on SAP audit log events when anomalies are detected, using machine learning capabilities and with no coding required. [Learn how to configure the rule](#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection).
20
+
-**SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)**. Alerts on SAP audit log events when anomalies are detected, using machine learning capabilities and with no coding required. [Learn how to configure the rule](#set-up-the-sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview-rule-for-anomaly-detection).
21
21
22
22
The two [SAP Audit log monitor rules](sap-solution-security-content.md#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) are delivered as ready to run out of the box, and allow for further fine tuning using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
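Review bot: The new fragment on the anomaly rule bullet, `#set-up-the-sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview-rule-for-anomaly-detection`, is generated from the full heading text including "preview", so it will stop resolving as soon as the heading is reworded or the rule leaves preview. Confirm that a heading with exactly that text exists in this file (it is not visible in this hunk), and consider a short explicit anchor instead; whats-new.md in this same commit already links to this file with `#anomaly-detection`.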
articles/sentinel/sap/sap-solution-security-content.md
+1 -1 (1 addition & 1 deletion)
@@ -48,7 +48,7 @@ Both SAP audit log monitoring analytics rules share the same data sources and th
48
48
A dynamic analytics rule that is intended for covering the entire set of SAP audit log event types which have a deterministic definition in terms of user population, event thresholds.
49
49
50
50
-[Configure the rule with the SAP_Dynamic_Audit_Log_Monitor_Configuration watchlist](#available-watchlists)
51
-
- Learn more about how to [configure the rule](configure-audit-log-rules.md#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection) (full procedure)
51
+
- Learn more about how to [configure the rule](configure-audit-log-rules.md#set-up-the-sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview-rule-for-anomaly-detection) (full procedure)
52
52
53
53
#### SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)
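Review bot: The "Learn more about how to configure the rule" bullet sits in the deterministic rule's section (the context line above it describes event types with "a deterministic definition", and the anomaly rule's heading only starts after this bullet), yet its new target is the anomaly rule's setup anchor. Check that this is the intended destination. If the linked procedure is specific to anomaly detection, move the bullet under the `#### SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)` heading, or point this one at the deterministic rule's own instructions.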
articles/sentinel/whats-new.md
+16 -12 (16 additions & 12 deletions)
@@ -25,11 +25,25 @@ If you're looking for items older than six months, you'll find them in the [Arch
25
25
>
26
26
> You can also contribute! Join us in the [Microsoft Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki).
27
27
28
+
## October 2022
29
+
30
+
### Out of the box anomaly detection on the SAP audit log (Preview)
31
+
32
+
The SAP audit log records audit and security events on SAP systems, like failed sign-in attempts or other over 200 security related actions. Customers monitor the SAP audit log and generate alerts and incidents out of the box using Microsoft Sentinel built-in analytics rules.
33
+
34
+
The Microsoft Sentinel for SAP solution now includes the [**SAP - Dynamic Anomaly Detection analytics** rule](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/anomaly-detection-on-the-sap-audit-log-using-the-microsoft/ba-p/3418709), adding an out of the box capability to identify suspicious anomalies across the SAP audit log events.
35
+
36
+
Now, together with the existing ability to identify threats deterministically based on predefined patterns and thresholds, customers can easily identify suspicious anomalies in the SAP security log, out of the box, with no coding required.
37
+
38
+
You can fine-tune the new capability by editing the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
39
+
40
+
Learn more:
41
+
-[Learn about the new feature (blog)](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/anomaly-detection-on-the-sap-audit-log-using-the-microsoft/ba-p/3418709)
42
+
-[Use the new rule for anomaly detection](sap/configure-audit-log-rules.md#anomaly-detection)
43
+
28
44
## September 2022
29
45
30
46
-[Create automation rule conditions based on custom details (Preview)](#create-automation-rule-conditions-based-on-custom-details-preview)
31
-
-[Out of the box anomaly detection on the SAP audit log (Preview)](#out-of-the-box-anomaly-detection-on-the-sap-audit-log-preview)
32
-
33
47
-[Add advanced "Or" conditions to automation rules (Preview)](#add-advanced-or-conditions-to-automation-rules-preview)
34
48
-[Heads up: Name fields being removed from UEBA UserPeerAnalytics table](#heads-up-name-fields-being-removed-from-ueba-userpeeranalytics-table)
35
49
-[Windows DNS Events via AMA connector (Preview)](#windows-dns-events-via-ama-connector-preview)
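Review bot: The added "Use the new rule for anomaly detection" link targets `sap/configure-audit-log-rules.md#anomaly-detection`, while the other two files in this commit were just changed to reach the same page through `#set-up-the-sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview-rule-for-anomaly-detection`. Only one of these is likely to match a heading, so verify both and use a single anchor across the three files. Two smaller points in the added text: the same blog URL is linked twice (on the rule name and again under "Learn more"), and "like failed sign-in attempts or other over 200 security related actions" reads awkwardly and could be reworded while the paragraph is being moved. The new October 2022 section also has no bullet index of its items, unlike the September 2022 section directly below it.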
@@ -42,16 +56,6 @@ You can set the value of a [custom detail surfaced in an incident](surface-custo
42
56
43
57
Learn how to [add a condition based on a custom detail](create-manage-use-automation-rules.md#conditions-based-on-custom-details-preview).
44
58
45
-
### Out of the box anomaly detection on the SAP audit log (Preview)
46
-
47
-
The SAP audit log records audit and security events on SAP systems, like failed sign-in attempts or other over 200 security related actions. Customers monitor the SAP audit log and generate alerts and incidents out of the box using Microsoft Sentinel built-in analytics rules.
48
-
49
-
The Microsoft Sentinel for SAP solution now includes the [**SAP - Dynamic Anomaly Detection analytics**](configure-audit-log-rules.md#anomaly-detection) rule, adding an out of the box capability to identify suspicious anomalies across the SAP audit log events.
50
-
51
-
Now, together with the existing ability to identify threats deterministically based on predefined patterns and thresholds, customers can easily identify suspicious anomalies in the SAP security log, out of the box, with no coding required.
52
-
53
-
The new capability can be fine-tuned by editing the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
54
-
55
59
### Add advanced "Or" conditions to automation rules (Preview)
56
60
57
61
You can now add OR conditions to automation rules. Also known as condition groups, these allow you to combine several rules with identical actions into a single rule, greatly increasing your SOC's efficiency.
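Review bot: The removed September paragraph is not identical to the one added under October 2022: the rule-name link changes from `configure-audit-log-rules.md#anomaly-detection` to the external blog post, and "The new capability can be fine-tuned by editing" becomes "You can fine-tune". Say so in the commit description so the change is not read as a verbatim move, and consider keeping the rule name linked to the product documentation (with the `sap/` path prefix the removed link lacked), leaving the blog post to the "Learn more" list.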