BTP - Cloud Integration access policy tampering

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Identifies changes to access policies in SAP Cloud Integration. Access policies control authorization for integration artifacts, defining which users and roles can access specific integration flows and related content. Unauthorized access policy manipulation could indicate: - Attacker granting themselves access to sensitive integration artifacts - Removal of security controls to enable further malicious activity - Defense evasion by modifying artifact references to hide unauthorized access

Attribute Value
Type Analytic Rule
Solution SAP BTP
ID 9e6f4b2c-0d3e-5a8f-c9b7-2f5d8a1e4c6b
Severity High
Status Available
Kind Scheduled
Tactics DefenseEvasion, PrivilegeEscalation
Techniques T1548, T1222
Required Connectors SAPBTPAuditEvents
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
SAPBTPAuditLog_CL ? ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to SAP BTP