
Commit 0fbc4bd

Update mde-sap-custom-detection-rules.md
1 parent 6160621 commit 0fbc4bd

1 file changed

+4
-4
lines changed


defender-endpoint/mde-sap-custom-detection-rules.md

Lines changed: 4 additions & 4 deletions
@@ -47,10 +47,10 @@ The SAP BASIS Team and the Security team should codevelop the solution. The SAP
4747

4848
3. The Security team identifies all the SAP servers and runs a query for `"InitiatingProcessName" == "sapxpg"`, noting which servers are starting SAPXPG.
4949

50-
- It is recommended to limit the number of servers running SAPXPG to a minimum and to disallow SAPXPG on most SAP servers.
50+
- It's recommended to limit the number of servers running SAPXPG to a minimum and to disallow SAPXPG on most SAP servers.
5151
- The SAP BASIS team and Security team should limit access to the authorization objects and transaction codes for SAPXPG.
5252

53-
4. The SAP BASIS team briefs the Security team on any "allowed" utilities, such as BRTOOLS (for Oracle customers), AzCopy (if used) or other specific utilities for printing or archiving.
53+
4. The SAP BASIS team briefs the Security team on any "allowed" utilities, such as `BRTOOLS` (for Oracle customers), `AzCopy` (if used) or other specific utilities for printing or archiving.
5454

5555
5. The Security teams works with the SAP BASIS team to query SAPXPG commands and parameters. An example query to detect or block "wget" (which can be used to download malicious payloads) is as follows:
5656
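
Review bot: On line 48 of this hunk the inline query is written as `"InitiatingProcessName" == "sapxpg"`, with the column name in double quotes; in KQL a double-quoted token is a string literal, so anyone pasting this into advanced hunting compares two constant strings instead of filtering on the column. Since this commit is already tidying the formatting of this list, drop the quotes around the column name and confirm the name against the table used by the example query that follows step 5. Two smaller points in the same hunk: line 55 still reads "The Security teams works" and leaves "wget" in plain quotation marks, while line 53 now puts `BRTOOLS` and `AzCopy` in code formatting; pick one convention for executable names and apply it to `wget` and SAPXPG as well.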

@@ -99,9 +99,9 @@ The SAP BASIS Team and the Security team should codevelop the solution. The SAP
9999

100100
## Additional information
101101

102-
To trace SAPXPG using `sapxpg_trace`, see [SAP documentation: Analyzing Problems with External Commands and Programs](https://help.sap.com/doc/saphelp_snc700_ehp01/7.0.1/en-US/4b/272d0ed1341780e10000000a42189c/content.htm?no_cache=true).
103-
102+
- To trace SAPXPG using `sapxpg_trace`, see [SAP documentation: Analyzing Problems with External Commands and Programs](https://help.sap.com/doc/saphelp_snc700_ehp01/7.0.1/en-US/4b/272d0ed1341780e10000000a42189c/content.htm?no_cache=true).
104103

104+
- To learn more about advanced hunting, see [Proactively hunt for threats with advanced hunting in Microsoft Defender](/defender-xdr/advanced-hunting-overview).
105105

106106

107107
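
Review bot: The SAP help link carried over to new line 102 still ends in `?no_cache=true` and points at a release-specific path (`saphelp_snc700_ehp01/7.0.1`); while converting this paragraph to a bullet, strip the query string and check that this is the version of the page readers should be sent to. The added bullet on line 104 uses a site-relative link (`/defender-xdr/advanced-hunting-overview`) next to an absolute one, which is fine for the docs build, but the blank line kept between the two bullets (line 103) makes this a loose list, unlike the tight bullets on lines 50 and 51 of the same file; remove it for consistency.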
