Page 1: it-cube flyer

Splunk Community App: agileSI™ for Splunk

www.it-cube.net iT-CUBE SYSTEMS GmbH

iT-CUBE provides: agileSI™ for Splunkbase

agileSI™ community edition – Security Intelligence for SAP landscapes. The agileSI™ Community Edition enables you to collect and analyze Security Audit Log events of your system landscape on a central instance. The Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.

Powerful dashboards and reports give you an overview of:

• Changes to the system environment,
• User modifications,
• User activities and
• RFC calls.

The agileSI™ Community Edition covers the following use cases out of the box:

• Brute Force logins,
• Password changes,
• Execution of reports and transactions,
• Authorization modifications and
• User modifications.

The agileSI™ Community Edition uses the External Monitoring Interface (XMI) to pick up the SAL events from your SAP systems. It is completely customizable from within Splunk's web interface. No further installations on SAP are required.
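Of the out-of-the-box use cases listed above, brute-force login detection is the one most easily shown in code. The following is an added example written for this page, not code from iT-CUBE, agileSI™ or Splunk: it reads a few constructed Security Audit Log style records (the five-field line layout is an assumption made here; AU1 and AU2 are the SAL message IDs for successful and failed logon), raises an alert when one user on one terminal accumulates a threshold of failed logons inside a sliding time window, and then checks whether a successful logon followed the burst, which is the case an analyst should triage first. User names, terminals, timestamps and thresholds are all illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. The layout "<date> <time> <msg-id> <user> <terminal>"
# is an assumption for this example, not the format of a real SAL export.
# AU1 = logon successful, AU2 = logon failed, AU3 = transaction started.
SAMPLE_EVENTS = [
    "2024-03-01 08:00:01 AU2 JDOE WS0042",
    "2024-03-01 08:00:07 AU2 JDOE WS0042",
    "2024-03-01 08:00:13 AU2 JDOE WS0042",
    "2024-03-01 08:00:20 AU2 JDOE WS0042",
    "2024-03-01 08:00:26 AU2 JDOE WS0042",    # fifth failure within 25 s
    "2024-03-01 08:00:31 AU1 JDOE WS0042",    # then a success: worth a look
    "2024-03-01 08:05:00 AU2 ASMITH WS0107",
    "2024-03-01 08:09:00 AU2 ASMITH WS0107",
    "2024-03-01 08:13:00 AU2 ASMITH WS0107",  # three failures over 8 min: below threshold
    "2024-03-01 09:00:00 AU3 ASMITH WS0107",  # transaction start, not a logon event
]


def parse_event(line):
    """Split one constructed log line into (timestamp, msg_id, user, terminal)."""
    date, time, msg_id, user, terminal = line.split()
    return datetime.fromisoformat(f"{date} {time}"), msg_id, user, terminal


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per (user, terminal) that reaches `threshold` failed
    logons (AU2) inside any sliding `window`.

    Each alert records user, terminal, first and last failure time and the
    count at the moment the threshold was crossed.
    """
    recent = defaultdict(deque)  # (user, terminal) -> timestamps of recent AU2 events
    alerted = set()
    alerts = []
    for line in lines:
        ts, msg_id, user, terminal = parse_event(line)
        if msg_id != "AU2":
            continue
        key = (user, terminal)
        q = recent[key]
        q.append(ts)
        # Drop failures that have fallen out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "terminal": terminal,
                           "first": q[0], "last": ts, "count": len(q)})
    return alerts


def success_after_burst(lines, alerts):
    """Return the (user, terminal) pairs from `alerts` that log a successful
    logon (AU1) after the burst was detected."""
    last_failure = {(a["user"], a["terminal"]): a["last"] for a in alerts}
    hits = set()
    for line in lines:
        ts, msg_id, user, terminal = parse_event(line)
        key = (user, terminal)
        if msg_id == "AU1" and key in last_failure and ts > last_failure[key]:
            hits.add(key)
    return sorted(hits)


if __name__ == "__main__":
    found = detect_brute_force(SAMPLE_EVENTS)
    for a in found:
        print(f"brute-force: {a['user']}@{a['terminal']} {a['count']} failures "
              f"between {a['first']} and {a['last']}")
    print("followed by successful logon:", success_after_burst(SAMPLE_EVENTS, found))
```

The threshold and window are the two knobs worth tuning against a system's real logon volume: a short window with a low threshold catches scripted guessing, while a wider window with a higher threshold catches slow attempts at the cost of more noise from users who mistype their password.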

This is the Community Edition of agileSI™ for Splunk. This version has only a subset of functions compared to the original agileSI™ version. The agileSI™ Community Edition enables you to collect and analyze Security Audit Log events of your system landscape on a central instance.

Figure 1: dashboard agileSI™ community edition

Page 2: it-cube flyer

www.it-cube.net

Paul-Gerhardt-Allee 24, 81245 München, Germany

T: +49 89 2000 148 00 F: +49 89 2000 148 29

[email protected] www.it-cube.net

iT-CUBE SYSTEMS GmbH

Do you have any questions? Would you like more information? Please feel free to contact us.

agileSI™ stands for Agility plus Security Intelligence. It goes far beyond regular SoD checks performed on a few selected systems. With its certified ABAP-based extractor framework it integrates seamlessly with SAP® landscapes. Centrally managed and precisely configured extractors offer unlimited access to the various sources within an SAP R/3 system and all its modules. agileSI™ is based on a three layer architectural model with a collection, an administration and an analytics layer.

Automation, continuous data extraction and smart correlation are the three key factors to save money, protect transaction integrity and reduce staff workload. That's why Splunk comes into the game. Processing and correlating security events from SAP with event data from databases, application servers, workstations, firewalls, proxies, remote access gateways, and other IT systems with Splunk takes you to a real holistic approach of Log and Security Event Management.

agileSI™ combined with Splunk is the right solution to get ahead of the auditors. It helps you to lower the number and criticality of their findings, lets you transform risk into remediation and supports the fulfillment of compliance requirements.

agileSI™ Extractors and Example Use Cases

Columns: Extractor, Events/Data, Example Use Cases

Security Audit Log
  Events/Data: Subset of security events in SAP® systems, such as (failed) logins, transaction starts, etc.
  Example use cases:
  • Brute force login
  • User created / deleted / locked / unlocked
  • Password changes
  • Execution of reports

System Log
  Events/Data: SAP® basis log for availability, error tracking, security, ...
  Example use cases:
  • Debugging
  • Execution of OS commands

System Parameters
  Events/Data: SAP® system configuration
  Example use cases:
  • Password policy checks
  • SAP Gateway check
  • Encryption of communication (SNC status)

Tables
  Events/Data: Data stored in tables
  Example use cases:
  • System and client change settings
  • Single Sign-On / Logon Tickets
  • RFC configuration
  • Any data stored in any table

Ping
  Events/Data: Monitor availability
  Example use cases:
  • Check availability of SAP® systems

Transport Log
  Events/Data: Change management through transports with code, customizing
  Example use cases:
  • Updates to roles
  • Transports of critical objects, at unusual times

Gateway Config. & Log
  Events/Data: Communication with external programs
  Example use cases:
  • Monitor 'denied' external calls

Change Documents
  Events/Data: Changes to Business Objects
  Example use cases:
  • Roles
  • User master data

Access Controls
  Events/Data: Authorization data
  Example use cases:
  • SoD checks

Table Logging
  Events/Data: Changes to data stored in tables
  Example use cases:
  • Monitor critical tables (master data, conditions of purchase)

agileSI™ full version – a holistic approach for 360° SAP® Security Monitoring.

Figure 2: agileSI™ system architecture