On 16th March, SAP Enterprise Threat Detection 1.0 exited ramp-up and became generally available. This coincided with the availability of SP01, which incorporate many lessons learned during the ramp-up phase, and I would recommend going straight to SP01 if you are starting a new project. The Implementation Guide and the Operations Guide have been updated with the latest developments.
So what’s new with SP01?
In SP00, the focus was on monitoring of ABAP systems. This remains the case for SP01 with over 50 ABAP-based patterns and the addition of the change document log. However, the first steps were made in expanding the out-of-the-box support for other SAP platforms with the addition of the audit trail from SAP HANA and some patterns based on it.
The audit trail on SAP HANA can be written to the logging system of the operating system (syslog), which is easily configured to transmit using UDP. SAP Enterprise Threat Detection receives the messages, and the incoming events are normalized using the built-in audit trail rules of the new log adapter. Looking forward, this log adapter will also be an important way of integrating non-SAP systems and devices, as it is intended for text-based logs in general.
Relevant SAP Notes
2137018 - Compatibility information for SAP Enterprise Threat Detection support packages and SAP HANA revisions
2128060 - Release Note SAP Enterprise Threat Detection 1.0 SP01 (Revision 2)
2133037 - Enhancements ABAP Interface for SAP Enterprise Threat Detection 1.0 SP01
2068112 - Installation Information for SAP Enterprise Threat Detection 1.0