Protect4S - VM User Guide
SIEM Interface

Last updated 1 year ago

As more organizations move towards centralized security monitoring via SIEM solutions, functionality has been added to Protect4S VM to send relevant SAP security scan output directly to your SIEM provider of choice. This allows customers to feed SAP-specific security events into SIEM solutions for actionable insight and faster response to SAP threats.

Example for Splunk:

Step 1: Enable SIEM in Protect4S VM Application Settings

In the Application Settings, enable SIEM by selecting the desired output format (CEF or LEEF) and the directory path from which the SIEM can pick up the files. Optionally, you can also add a prefix for the generated files.

Step 2: Activate SIEM for every relevant Project Scan

In the Project Configuration, for every relevant Scan, set the "Export to SIEM" flag and also select the appropriate Risk value (for example High for SAP production systems).

Note: Only failed checks with the chosen Risk value or higher are forwarded to the SIEM solution. If you set this value to NONE, all output is forwarded, including the PASSED checks.

After completing these two steps, the Protect4S VM setup for SIEM is complete. In addition, the SIEM solution must be configured to pick up the generated files from the output directory path configured in Step 1.
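
One way to sanity-check exported files before pointing the SIEM at the output directory, as an added example (not Protect4S code): it parses records in the standard CEF header layout, including escaped `|` and `=`, and tallies them per severity value so you can confirm that the Risk threshold or NONE setting produces the records you expect. The sample records, vendor name, check IDs and hosts are constructed; the field values Protect4S writes, and how it maps Risk to CEF severity, are not shown on this page.

```python
import re
from collections import Counter

# Standard CEF record: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")  # one header field (escapes allowed), then '|'
KEY = re.compile(r"(?:^|\s)(\w+)=")         # extension key: a word directly followed by '='

def parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next ' key=' boundary."""
    matches = list(KEY.finditer(ext))
    out = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)  # unescape \= and \\
    return out

def parse_cef(line):
    pos = line.find("CEF:")  # tolerate a syslog prefix in front of the record
    if pos < 0:
        raise ValueError("no CEF: marker")
    pos += 4
    fields = []
    for _ in HEADER:
        m = FIELD.match(line, pos)
        if not m:
            raise ValueError("truncated CEF header")
        fields.append(re.sub(r"\\([|\\])", r"\1", m.group(1)))  # unescape \| and \\
        pos = m.end()
    return dict(zip(HEADER, fields), extension=parse_extension(line[pos:]))

def summarise(lines):
    """Return (record count per severity value, line numbers that failed to parse)."""
    by_severity, malformed = Counter(), []
    for n, line in enumerate(lines, 1):
        try:
            by_severity[parse_cef(line.strip())["severity"]] += 1
        except ValueError:
            malformed.append(n)
    return by_severity, malformed

# Constructed sample records (not Protect4S output); all names and values are made up.
SAMPLE = [
    r"CEF:0|ExampleVendor|ExampleScanner|1.0|CHK-001|Password policy below baseline|8|dhost=sapprd01 msg=minimum length is 6",
    r"CEF:0|ExampleVendor|ExampleScanner|1.0|CHK-002|Parameter min\|max check|3|dhost=sapqas01 msg=value a\=b accepted",
    r"CEF:0|ExampleVendor|truncated record",
]

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

To run it against real exports, pass the lines of each file in the configured output directory to `summarise()`; any line number it reports as malformed is a record the SIEM parser is likely to drop or mis-field.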

Splunk data supplied by Protect4S
Selecting output format and location in SIEM settings
Activating SIEM output for a Scan