BTP - Cloud Identity Service application configuration monitor

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies CRUD operations on Application (SSO Domain/Service Provider) configurations within SAP Cloud Identity Service. This includes both SAML 2.0 and OpenID Connect applications. Unauthorized application creation could indicate an attacker establishing persistent access through a rogue federated application.

Attribute	Value
Type	Analytic Rule
Solution	SAP BTP
ID	3f8a2c5e-7b9d-4e1a-8f6c-2d4b9a1e3c7f
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, PrivilegeEscalation
Techniques	T1606, T1556, T1134
Required Connectors	SAPBTPAuditEvents
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
SAPBTPAuditLog_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SAP BTP