Pathlock CAC: Threat Detection & Response Microsoft Sentinel Integration

Solution: Pathlock_TDnR

Pathlock_TDnR Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Pathlock Inc.
Support Tier	Partner
Support Link	https://pathlock.com/support/
Categories	domains,verticals
Version	3.0.0
Author	Pathlock Inc. - support@pathlock.com
First Published	2022-02-17
Solution Folder	Pathlock_TDnR
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Pathlock TD&R integration enables organizations to seamlessly forward Pathlock Threat Detection and Response (TD&R) events from both on-premise and cloud-based SAP systems into Microsoft Sentinel Solution for SAP for unified security visibility and incident correlation across the enterprise.

Built on Pathlock’s Cybersecurity Application Controls (CAC) platform, this connector utilizes the Common Connector Platform (CCP) framework to securely transmit log and event data while maintaining data integrity and governance. The Custom Logs solution is automatically deployed during installation, ensuring a quick and reliable setup without manual configuration steps.

With this integration, SOC and SAP security teams can: - Consolidate SAP-specific threat intelligence and correlate it with enterprise events in Microsoft Sentinel. - Leverage 4500+ Pathlock detection signatures and 75+ SAP log sources for comprehensive SAP monitoring. - Automate alerting and response workflows in Microsoft Sentinel for faster mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR). - Maintain audit readiness by demonstrating end-to-end visibility of SAP threat activity.

This out-of-the-box connector simplifies secure event forwarding from SAP to Microsoft Sentinel—enabling centralized analysis, compliance reporting, and proactive response within your existing security ecosystem.

Data Connectors
Tables Used
Additional Documentation

Data Connectors

This solution provides 1 data connector(s):

Pathlock Inc.: Threat Detection and Response for SAP

Tables Used

This solution uses 2 table(s):

Table	Used By Connectors	Used By Content
`ABAPAuditLog`	Pathlock Inc.: Threat Detection and Response for SAP	-
`Pathlock_TDnR_CL`	Pathlock Inc.: Threat Detection and Response for SAP, Pathlock Threat Detection and Response Integration	-

Additional Documentation

📄 Source: Pathlock_TDnR/README.md

This project provides an ARM template to deploy the "Pathlock Threat Detection & Response (TD&R)" connector in Microsoft Sentinel Solution for SAP. The deployment includes the following components: - Connector - Workbook - Parser Function

Deployment via Content Hub

To deploy using the Content Hub:

Log in to the Azure Portal.
Navigate to Microsoft Sentinel and select your workspace.
Go to Content Hub.
Search for Pathlock Threat Detection & Response (TD&R).
Click Install, then Create.
Follow the prompts to complete the installation.

Deployment via ARM Template

If the connector is not yet available in the Content Hub, you can deploy it manually using the provided ARM template.

Prerequisites

Access to the Microsoft Sentinel environment.
Workspace name and location (found in Sentinel > Settings > Workspace Settings > Properties > Location).
Microsoft Sentinel Agent installed on the relevant system.
Path for log file generation.
Cron job configured to append new logs to an existing file.
Logs must be received in a custom table named Pathlock_TDnR_CL.

Installation Steps

Click the Deploy to Azure button below.
Select the Resource Group where Microsoft Sentinel is deployed.
Enter the Microsoft Sentinel Workspace name.
Leave other settings as default.
Click Review + create.
Wait for validation, then click Create.

This solution is provided by Pathlock as a temporary deployment method until the official connector is available in the Content Hub.

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.0	05-11-2025	Initial Solution Release