SecurityBridge: SAP data to Microsoft Sentinel
Solution: SecurityBridge App
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | SecurityBridge |
| Support Tier | Partner |
| Support Link | https://securitybridge.com/contact/ |
| Categories | domains,verticals |
| Version | 3.2.1 |
| Author | SecurityBridge - support@securitybridge.com |
| First Published | 2022-02-17 |
| Solution Folder | SecurityBridge App |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (9%) |
The SecurityBridge App solution provides the capability to ingest SecurityBridge Threat Detection events from all on-premise and cloud based SAP instances into Microsoft Sentinel.
This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.
NOTE: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.
Contents
Data Connectors
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Tables Used
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
ABAPAuditLog |
SecurityBridge Solution for SAP | - |
SecurityBridgeLogs_CL |
SecurityBridge Threat Detection for SAP | - |
SecurityBridge_CL |
SecurityBridge Solution for SAP | - |
Content Items
This solution includes 2 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 1 |
| Workbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| SecurityBridge: A critical event occured | Medium | InitialAccess | - |
Workbooks
| Name | Tables Used |
|---|---|
| SecurityBridgeThreatDetectionforSAP | - |
Additional Documentation
📄 Source: SecurityBridge App/README.md
Deployment of Sentinel Connector for SecurityBridge Threat Detection for SAP through Content Hub
This ARM template will deploy a connecter for "SecurityBridge Threat Detection for SAP" with the following elements: * Connector * Workbook * Parser Function
Follow the below steps to deploy this solution in your environment:
* Log on to Azure Portal
* Navigate to Azure Sentinel and select your workspace
* Select Content Hub
* Search for SecurityBridge Threat Detection for SAP
* Click on Install and then click on Create
* Follow the steps to install the connector
Deployment of Sentinel Connector for SecurityBridge Threat Detection for SAP through ARM template
This ARM template will deploy a connecter for "SecurityBridge Threat Detection for SAP" with the following elements: * Connector * Workbook * Parser Function
This is only a temporary solution to deploy the connector manually until the official connector is available on the content hub.
Pre-reqs
- Log in: You should be logged into the Azure Sentinel Environment
- Workspace Name: Workspace id of the azure sentinel.
- Workspace Location: You can get that from Sentinel > Settings > Workspace Settings > Properties > Location. For example
southcentralus - Installation of Azure Sentinel Agent on the SAP Machine
- Path of logs file generation
- Cron job to be added to the machine to append the newly created logs into an already existing file
- Logs reception in a custom table named "SecurityBridgeLogs_CL"
Installation Steps
- Click on the Deploy to Azure button below
- Select the Resource Group where Azure Sentinel is deployed
- Add the name of the Azure Sentinel Workspace in the Workspace box
- Leave rest of the items intact
- Click on Review + create button
- Wait for the validation to complete
- Click on Create
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.2.1 | 22-09-2025 | adding SecurityBridge_CL table |
| 3.2.0 | 15-07-2025 | adding push API data connector |
| 3.1.0 | 12-02-2025 | Adjusted contact and support |
| 3.0.1 | 07-01-2025 | Removed Deprecated Data connector |
| 3.0.0 | 08-08-2024 | Deprecating data connectors |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊