In order to get the greatest visibility and know the details of the lateral movement of attackers, it is utmost important to integrate all relevant and critical systems in the SIEM solution. For getting the insight of SAP databases, an integration has been created to ingest the alarms from SAP ETD within RSA NetWitness and SecOps. When correlating the SAP ETD alarm with packet and log information from the SIEM systems, a Security Analyst is able to understand the full scope of an attack and therefore able to coordinate the correct incident responses.
Customer values/problems solved:
- Integrating SAP ETD logs and correlation of them with SIEM alerts and events from logs and packets provides the full visibility of an attack
- Missing the integration of such, only parts of the attacks will be minimize the visibility and hence the defender will not be able to understand the full attack scope
- RSA NetWitness Suite
- SAP ETD