Commit e6d1c1c

Merge pull request #281070 from batamig/sap-btp-ga
SAP BTP to GA
2 parents 804f094 + 9c8e4f3 commit e6d1c1c

5 files changed

+38
-36
lines changed

articles/sentinel/sap/deploy-sap-btp-solution.md

Lines changed: 2 additions & 5 deletions
@@ -5,17 +5,14 @@ author: batamig
55
ms.author: bagol
66
ms.topic: how-to
77
ms.custom: devx-track-azurepowershell
8-
ms.date: 03/30/2023
8+
ms.date: 07/17/2024
99
# customer intent: As an SAP admin, I want to know how to deploy the Microsoft Sentinel solution for SAP BTP so that I can plan a deployment.
1010
---
1111

1212
# Deploy the Microsoft Sentinel solution for SAP BTP
1313

1414
This article describes how to deploy the Microsoft Sentinel solution for SAP Business Technology Platform (BTP) system. The Microsoft Sentinel solution for SAP BTP monitors and protects your SAP BTP system. It collects audit logs and activity logs from the BTP infrastructure and BTP-based apps, and then detects threats, suspicious activities, illegitimate activities, and more. [Read more about the solution](sap-btp-solution-overview.md).
1515

16-
> [!IMPORTANT]
17-
> The Microsoft Sentinel solution for SAP BTP solution is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
18-
1916
## Prerequisites
2017

2118
Before you begin, verify that:
@@ -105,7 +102,7 @@ You also can retrieve the logs via the UI:
105102

106103
We recommend that you periodically rotate the BPT subaccount client secrets. The following sample script demonstrates the process of updating an existing data connector with a new secret fetched from Azure Key Vault.
107104

108-
Before you start, collect the values you'll need for the scripts parameters, including:
105+
Before you start, collect the values you need for the scripts parameters, including:
109106

110107
- The subscription ID, resource group, and workspace name for your Microsoft Sentinel workspace.
111108
- The key vault and the name of the key vault secret.
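
Review bot: The reworded sentence at new line 105 still reads "the scripts parameters", which needs a possessive ("the script's parameters"), and the unchanged sentence two lines above it (new line 103) says "BPT subaccount client secrets" where the rest of the article says BTP. This paragraph is the guidance for rotating the client secrets, so fix both in the same change.
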
-16.2 KB
Lines changed: 12 additions & 15 deletions
@@ -1,18 +1,15 @@
11
---
2-
title: Microsoft Sentinel Solution for SAP® BTP - security content reference
3-
description: Learn about the built-in security content provided by the Microsoft Sentinel Solution for SAP® BTP.
2+
title: Microsoft Sentinel Solution for SAP BTP - security content reference
3+
description: Learn about the built-in security content provided by the Microsoft Sentinel Solution for SAP BTP.
44
author: batamig
55
ms.author: bagol
66
ms.topic: reference
7-
ms.date: 03/30/2023
7+
ms.date: 07/17/2024
88
---
99

10-
# Microsoft Sentinel Solution for SAP® BTP: security content reference
10+
# Microsoft Sentinel Solution for SAP BTP: security content reference
1111

12-
This article details the security content available for the Microsoft Sentinel Solution for SAP® BTP.
13-
14-
> [!IMPORTANT]
15-
> The Microsoft Sentinel Solution for SAP® BTP is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
12+
This article details the security content available for the Microsoft Sentinel Solution for SAP BTP.
1613

1714
Available security content currently includes a built-in workbook and analytics rules. You can also add SAP-related [watchlists](../watchlists.md) to use in your search, detection rules, threat hunting, and response playbooks.
1815

@@ -27,28 +24,28 @@ The BTP Activity Workbook provides a dashboard overview of BTP activity.
2724
The **Overview** tab shows:
2825

2926
- An overview of BTP subaccounts, helping analysts identify the most active accounts and the type of ingested data.
30-
- Subaccount sign-in activity, helping analysts identify spikes and trends that may be associated with sign-in failures in SAP Business Application Studio (BAS).
27+
- Subaccount sign-in activity, helping analysts identify spikes and trends that might be associated with sign-in failures in SAP Business Application Studio (BAS).
3128
- Timeline of BTP activity and number of BTP security alerts, helping analysts search for any correlation between the two.
3229

3330
The **Identity Management** tab shows a grid of identity management events, such as user and security role changes, in a human-readable format. The search bar lets you quickly find specific changes.
3431

3532
:::image type="content" source="./media/sap-btp-security-content/sap-btp-workbook-identity-management.png" alt-text="Screenshot of the Identity Management tab of the SAP BTP workbook." lightbox="./media/sap-btp-security-content/sap-btp-workbook-identity-management.png":::
3633

37-
For more information, see [Tutorial: Visualize and monitor your data](../monitor-your-data.md) and [Deploy Microsoft Sentinel Solution for SAP® BTP](deploy-sap-btp-solution.md).
34+
For more information, see [Tutorial: Visualize and monitor your data](../monitor-your-data.md) and [Deploy Microsoft Sentinel Solution for SAP BTP](deploy-sap-btp-solution.md).
3835

3936
## Built-in analytics rules
4037

4138
| Rule name | Description | Source action | Tactics |
4239
| --------- | --------- | --------- | --------- |
43-
| **BTP - Failed access attempts across multiple BAS subaccounts** |Identifies failed Business Application Studio (BAS) access attempts over a predefined number of subaccounts.<br>Default threshold: 3 | Run failed login attempts to BAS over the defined threshold number of subaccounts. <br><br>**Data sources**: SAPBTPAuditLog_CL | Discovery, Reconnaissance |
40+
| **BTP - Failed access attempts across multiple BAS subaccounts** |Identifies failed Business Application Studio (BAS) access attempts over a predefined number of subaccounts.<br>Default threshold: 3 | Run failed sign-in attempts to BAS over the defined threshold number of subaccounts. <br><br>**Data sources**: SAPBTPAuditLog_CL | Discovery, Reconnaissance |
4441
| **BTP - Malware detected in BAS dev space** |Identifies instances of malware detected by the SAP internal malware agent within BAS developer spaces. | Copy or create a malware file in a BAS developer space. <br><br>**Data sources**: SAPBTPAuditLog_CL| Execution, Persistence, Resource Development |
45-
| **BTP - User added to sensitive privileged role collection** |Identifies identity management actions where a user is added to a set of monitored privileged role collections. | Assign one of the following role collections to a user: "Subaccount Service Administrator", "Subaccount Administrator", "Connectivity and Destination Administrator", "Destination Administrator", "Cloud Connector Administrator”. <br><br>**Data sources**: SAPBTPAuditLog_CL | Lateral Movement, Privilege Escalation |
42+
| **BTP - User added to sensitive privileged role collection** |Identifies identity management actions where a user is added to a set of monitored privileged role collections. | Assign one of the following role collections to a user: <br>- `Subaccount Service Administrator`<br>- `Subaccount Administrator`<br>- `Connectivity and Destination Administrator`<br>- `Destination Administrator`<br>- `Cloud Connector Administrator` <br><br>**Data sources**: SAPBTPAuditLog_CL | Lateral Movement, Privilege Escalation |
4643
| **BTP - Trust and authorization Identity Provider monitor** |Identifies create, read, update, and delete (CRUD) operations on Identity Provider settings within a subaccount. | Change, read, update, or delete any of the identity provider settings within a subaccount. <br><br>**Data sources**: SAPBTPAuditLog_CL | Credential Access, Privilege Escalation |
4744
| **BTP - Mass user deletion in a subaccount** |Identifies user account deletion activity where the number of deleted users exceeds a predefined threshold.<br>Default threshold: 10 | Delete count of user accounts over the defined threshold. <br><br>**Data sources**: SAPBTPAuditLog_CL | Impact |
4845

4946
## Next steps
5047

51-
In this article, you learned about the security content provided with the Microsoft Sentinel Solution for SAP® BTP.
48+
In this article, you learned about the security content provided with the Microsoft Sentinel Solution for SAP BTP.
5249

53-
- [Deploy Microsoft Sentinel solution for SAP® BTP](deploy-sap-btp-solution.md)
54-
- [Microsoft Sentinel Solution for SAP® BTP overview](sap-btp-solution-overview.md)
50+
- [Deploy Microsoft Sentinel solution for SAP BTP](deploy-sap-btp-solution.md)
51+
- [Microsoft Sentinel Solution for SAP BTP overview](sap-btp-solution-overview.md)
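
Review bot: In the **BTP - Trust and authorization Identity Provider monitor** row (new line 43), the description lists "create, read, update, and delete (CRUD)" but the Source action column says "Change, read, update, or delete", so the create case is missing from the trigger text; align the two columns so they describe the same set of operations. Separately, the two links under Next steps (new lines 50 and 51) differ in casing, "solution" in one and "Solution" in the other; pick one form.
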
Lines changed: 11 additions & 14 deletions
@@ -1,38 +1,35 @@
11
---
2-
title: Microsoft Sentinel Solution for SAP® BTP overview
3-
description: This article introduces the Microsoft Sentinel Solution for SAP® BTP.
2+
title: Microsoft Sentinel Solution for SAP BTP overview
3+
description: This article introduces the Microsoft Sentinel Solution for SAP BTP.
44
author: batamig
55
ms.author: bagol
6-
ms.topic: conceptual
7-
ms.date: 03/22/2023
6+
ms.topic: concept-article
7+
ms.date: 07/17/2024
88
---
99

10-
# Microsoft Sentinel Solution for SAP® BTP overview
10+
# Microsoft Sentinel Solution for SAP BTP overview
1111

12-
This article introduces the Microsoft Sentinel Solution for SAP® BTP. The solution monitors and protects your SAP Business Technology Platform (BTP) system: It collects audits and activity logs from the BTP infrastructure and BTP based apps, and detects threats, suspicious activities, illegitimate activities, and more.
12+
This article introduces the Microsoft Sentinel Solution for SAP BTP. The solution monitors and protects your SAP Business Technology Platform (BTP) system: It collects audits and activity logs from the BTP infrastructure and BTP based apps, and detects threats, suspicious activities, illegitimate activities, and more.
1313

1414
SAP BTP is a cloud-based solution that provides a wide range of tools and services for developers to build, run, and manage applications. One of the key features of SAP BTP is its low-code development capabilities. Low-code development allows developers to create applications quickly and efficiently by using visual drag-and-drop interfaces and prebuilt components, rather than writing code from scratch.
1515

16-
> [!IMPORTANT]
17-
> The Microsoft Sentinel Solution for SAP® BTP is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
18-
1916
### Why it's important to monitor BTP activity
2017

21-
While low-code development platforms have become increasingly popular among businesses looking to accelerate their application development processes, there are also security risks that organizations must consider. One key concern is the risk of security vulnerabilities introduced by citizen developers, some of whom may lack the security awareness of traditional pro-dev community. To counter these vulnerabilities, it's crucial for organizations to quickly detect and respond to threats on BTP applications.
18+
While low-code development platforms have become increasingly popular among businesses looking to accelerate their application development processes, there are also security risks that organizations must consider. One key concern is the risk of security vulnerabilities introduced by citizen developers, some of whom might lack the security awareness of traditional pro-dev community. To counter these vulnerabilities, it's crucial for organizations to quickly detect and respond to threats on BTP applications.
2219

2320
Beyond the low-code aspect, BTP applications:
2421

2522
- Access sensitive business data, such as customers, opportunities, orders, financial data, and manufacturing processes.
2623
- Access and integrate with multiple different business applications and data stores​.
2724
- Enable key business processes​.
28-
- Are created by citizen developers who may not be security savvy or aware of cyber threats.
25+
- Are created by citizen developers who might not be security savvy or aware of cyber threats.
2926
- Used by wide range of users, internal and external​.
3027

3128
Therefore, it's important to protect your BTP system against these risks.
3229

3330
## How the solution addresses BTP security risks
3431

35-
With the Microsoft Sentinel Solution for SAP® BTP, you can:
32+
With the Microsoft Sentinel Solution for SAP BTP, you can:
3633

3734
- Gain visibility to activities **on** BTP applications, including creation, modification, permissions change, execution, and more.
3835
- Gain visibility to activities **in** BTP applications, including who uses the application, which business applications the BTP application accesses, business data Create, Read, Update, Delete (CRUD) activities, and more.
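
Review bot: New line 12 was edited but still says "collects audits and activity logs from the BTP infrastructure and BTP based apps", while the deploy article in this same commit says "audit logs and activity logs" and "BTP-based apps"; use the same wording here. In the bullet list, new line 26 ("Used by wide range of users") breaks the parallel structure of the other items and is missing an article; "Are used by a wide range of users" would match. New line 18 also reads "of traditional pro-dev community" with no article.
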
@@ -48,7 +45,7 @@ The solution includes:
4845

4946
## Next steps
5047

51-
In this article, you learned about the Microsoft Sentinel solution for SAP® BTP.
48+
In this article, you learned about the Microsoft Sentinel solution for SAP BTP.
5249

5350
> [!div class="nextstepaction"]
54-
> [Deploy the Microsoft Sentinel Solution for SAP® BTP](deploy-sap-btp-solution.md)
51+
> [Deploy the Microsoft Sentinel Solution for SAP BTP](deploy-sap-btp-solution.md)
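
Review bot: New line 48 writes "Microsoft Sentinel solution for SAP BTP" and new line 51, three lines later, writes "Microsoft Sentinel Solution for SAP BTP"; since both lines are being touched to drop the ® mark, settle the casing of the product name here and use one form on both lines and in the title at the top of the file.
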

articles/sentinel/whats-new.md

Lines changed: 13 additions & 2 deletions
@@ -20,8 +20,19 @@ The listed features were released in the last three months. For information abou
2020

2121
## July 2024
2222

23+
- [SAP Business Technology Platform (BTP) connector now generally available](#sap-business-technology-platform-btp-connector-now-generally-available-ga)
2324
- [Microsoft unified security platform now generally available](#microsoft-unified-security-platform-now-generally-available)
2425

26+
### SAP Business Technology Platform (BTP) connector now generally available (GA)
27+
28+
The Microsoft Sentinel Solution for SAP BTP is now generally available (GA). This solution provides visibility into your SAP BTP environment, and helps you detect and respond to threats and suspicious activities.
29+
30+
For more information, see:
31+
32+
- [Microsoft Sentinel Solution for SAP Business Technology Platform (BTP)](sap/sap-btp-solution-overview.md)
33+
- [Deploy the Microsoft Sentinel solution for SAP BTP](sap/deploy-sap-btp-solution.md)
34+
- [Microsoft Sentinel Solution for SAP BTP: security content reference](sap/sap-btp-security-content.md)
35+
2536
### Microsoft unified security platform now generally available
2637

2738
Microsoft Sentinel is now generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. The Microsoft unified security operations platform brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
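
Review bot: The new heading at line 26 announces that the "connector" is generally available, but the paragraph under it (line 28) says "The Microsoft Sentinel Solution for SAP BTP is now generally available (GA)"; state which one went GA, or both, so the heading and body agree. The "(GA)" suffix in the heading is also absent from the link text on line 23 and from the sibling heading "Microsoft unified security platform now generally available"; dropping it from the heading would make the two entries consistent and shorten the anchor.
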
@@ -222,13 +233,13 @@ Windows DNS events can now be ingested to Microsoft Sentinel using the Azure Mon
222233

223234
### Reduce false positives for SAP systems with analytics rules
224235

225-
Use analytics rules together with the [Microsoft Sentinel solution for SAP® applications](sap/solution-overview.md) to lower the number of false positives triggered from your SAP® systems. The Microsoft Sentinel solution for SAP® applications now includes the following enhancements:
236+
Use analytics rules together with the [Microsoft Sentinel solution for SAP applications](sap/solution-overview.md) to lower the number of false positives triggered from your SAP systems. The Microsoft Sentinel solution for SAP applications now includes the following enhancements:
226237

227238
- The [**SAPUsersGetVIP**](sap/sap-solution-log-reference.md#sapusersgetvip) function now supports excluding users according to their SAP-given roles or profile.
228239

229240
- The **SAP_User_Config** watchlist now supports using wildcards in the **SAPUser** field to exclude all users with a specific syntax.
230241

231-
For more information, see [Microsoft Sentinel solution for SAP® applications data reference](sap/sap-solution-log-reference.md) and [Handle false positives in Microsoft Sentinel](false-positives.md).
242+
For more information, see [Microsoft Sentinel solution for SAP applications data reference](sap/sap-solution-log-reference.md) and [Handle false positives in Microsoft Sentinel](false-positives.md).
232243

233244
## Next steps
234245
