🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
| Attribute | Value |
|---|---|
| Connector ID | SAPLogServ |
| Publisher | SAP SE |
| Used in Solutions | SAP LogServ |
| Collection Method | CCF Push |
| Connector Definition Files | SAPLogServ.json |
| CCF Configuration | SAPLogServ_dataConnector.json |
| CCF Capabilities | Push |
| Ingestion API | Log Ingestion API — CCF Push connectors use DCR-based Log Ingestion API |
SAP LogServ is an SAP Enterprise Cloud Services (ECS) service aimed at collection, storage, forwarding and access of logs. LogServ centralizes the logs from all systems, applications, and ECS services used by a registered customer.
Main features include:
- Near real-time log collection, with the ability to integrate into Microsoft Sentinel as the SIEM solution.

LogServ complements the existing SAP application-layer threat monitoring and detections in Microsoft Sentinel with the log types owned by SAP ECS as the system provider. This includes logs such as: SAP Security Audit Log (AS ABAP), HANA database, AS JAVA, ICM, SAP Web Dispatcher, SAP Cloud Connector, OS, SAP Gateway, 3rd party Database, Network, DNS, Proxy, Firewall.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SAPLogServ_CL | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
- Keys (Workspace): Read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.

Custom Permissions:
- Microsoft Entra: Permission to create an app registration in Microsoft Entra ID. Typically requires Entra ID Application Developer role or higher.
- Microsoft Azure: Permission to assign Monitoring Metrics Publisher role on data collection rules. Typically requires Azure RBAC Owner or User Access Administrator role.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Create ARM Resources and Provide the Required Permissions
We will create data collection rule (DCR) and data collection endpoint (DCE) resources. We will also create a Microsoft Entra app registration and assign the required permissions to it.
Clicking "Deploy push connector resources" triggers the creation of the DCR and DCE resources. It then creates a Microsoft Entra app registration with a client secret and grants it permissions on the DCR. This setup enables data to be sent securely to the DCR using OAuth v2 client credentials.
- Deploy push connector resources Application: SAP LogServ push to Microsoft Sentinel
2. Maintain the data collection endpoint details and authentication info in SAP LogServ
Share the data collection endpoint URL and authentication info with the SAP LogServ administrator to configure the SAP LogServ to send data to the data collection endpoint.
Learn more from this blog series.
- Tenant ID (use this value as the Tenant ID in the LogIngestionAPI credential): TenantId
- Entra Application ID: ApplicationId
- Entra Application Secret: ApplicationSecret
- Data collection endpoint (use this value for the LogsIngestionURL parameter when deploying the IFlow): DataCollectionEndpoint
- DCR Immutable ID: DataCollectionRuleId

Note: The values above are dynamically provided when these instructions are presented within Microsoft Sentinel.
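How the five values from step 2 fit into the OAuth v2 client-credentials token request and the Log Ingestion API upload, as an added example that is not part of the connector or of SAP LogServ. It builds and validates the two requests without sending them; the stream name `Custom-SAPLogServ_CL`, the record fields and all sample values are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

API_VERSION = "2023-01-01"                    # Logs Ingestion API version
SCOPE = "https://monitor.azure.com/.default"  # Azure Monitor audience
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DCR_ID = re.compile(r"^dcr-[0-9a-f]{32}$")


def token_request(tenant_id, app_id, app_secret):
    """Return (url, form_body) for the client-credentials grant."""
    # Assumption: the connector page hands out GUIDs for both IDs.
    if not (GUID.match(tenant_id) and GUID.match(app_id)):
        raise ValueError("Tenant ID and Application ID must be GUIDs")
    if not app_secret:
        raise ValueError("Application secret is empty")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": app_id,
                      "client_secret": app_secret, "scope": SCOPE})
    return url, body


def ingest_request(dce_url, dcr_immutable_id, stream, records, bearer_token):
    """Return (url, headers, body) for one upload to the DCR stream."""
    parts = urlsplit(dce_url)
    # The bearer token must never be sent over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Data collection endpoint must be an https:// URL")
    if not DCR_ID.match(dcr_immutable_id):
        raise ValueError("Expected the DCR immutable ID (dcr-<32 hex>)")
    if not isinstance(records, list) or not records:
        raise ValueError("Body must be a non-empty JSON array of records")
    url = (f"https://{parts.netloc}/dataCollectionRules/{dcr_immutable_id}"
           f"/streams/{stream}?api-version={API_VERSION}")
    headers = {"Authorization": f"Bearer {bearer_token}",
               "Content-Type": "application/json"}
    return url, headers, json.dumps(records)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or endpoints.
    print(token_request("11111111-2222-3333-4444-555555555555",
                        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "<secret>")[0])
    print(ingest_request("https://example-dce.ingest.monitor.azure.com",
                         "dcr-" + "0" * 32, "Custom-SAPLogServ_CL",
                         [{"TimeGenerated": "2024-01-01T00:00:00Z"}], "<token>")[0])
```

A 403 on upload with a valid token usually means the Monitoring Metrics Publisher role assignment on the DCR is missing or has not propagated yet.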