Hi Artur
I'm facing the same problem and till now i have found 2 supported ways to do this.
1- A third party application wich is not for free and not cheap (ETM).
2- A module of SAP (ETD) wich send events to Qradar, to can interpretate this events you must:
- Update your Protocol-Common RPM (Fixcentral)
- Download the SAP ETD Alert API Threat Detection DSM RPM (Fixcentral)
- Download de SAP Enterprise Threat Detection DSM RPM (Fixcentral), if you try to install this one first it will ask for the steps a mentioanted before, in the same order
After did that you must configure your Qradar to receive the events from SAP.
For more information refer to the next link :
https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_SAP_Enterprise_overview.htmlI would appreciate a feedback about what worked to you
Thanks
------------------------------
Johan López
------------------------------
Original Message:
Sent: Tue July 16, 2019 05:00 AM
From: Artur Gazda
Subject: SAP Integration
Hello Community,
Has someone experience with integrating SAP logs directly into QRadar without 3rd party tools?
I am curious about the way to do it, the requirements and best practises.
Thank You!
------------------------------
Artur Gazda
------------------------------