BTP - Cloud Integration tampering with security material

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies operations on security material (credentials, certificates, and keys) within SAP Cloud Integration. This includes credentials (passwords/secrets), X.509 certificates and key pairs, and PGP keys. Unauthorized manipulation of security material could indicate an attacker attempting to: - Gain access to external systems using stored credentials - Intercept or tamper with encrypted communications - Establish persistence through certificate manipulation - Cover tracks by deleting security a

Attribute	Value
Type	Analytic Rule
Solution	SAP BTP
ID	8d5f3a1b-9c2e-4f7d-b8a6-1e4c7f9d2b5a
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, DefenseEvasion
Techniques	T1552, T1070
Required Connectors	SAPBTPAuditEvents
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
SAPBTPAuditLog_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SAP BTP