filmov
tv
SAP Security Audit Log what should you activate
Показать описание
Visit our website here
00:00 - Intro
00:18 - Security audit logs
00:40 - Events classification
00:58 - Which events should be activated
01:49 - If necessary, give priority to events considered critical
02:04 - Logs management policy
02:28 - What to do
03:03 - Follow us to learn more
You know there is security audit log but don't know which events to activate? You already activated it for some events, but should you activate others?
I'll tell you my take on that!
INTRO
Hi my name is Andrea and today we’re going to take a look at security audit logs.
It is a tool that has basically always existed. Over the years it has become increasingly enhanced its potential.
But what is it used for? It is useful once activated, as it is not active by default, to track a whole series of events recorded in the system.
Each event is grouped into classes, for example by system events, users, logons, and so on.
Each event has a level of importance. SAP has already defined many of them and classified them. But it is possible, though not so common, to add more.
One of the most common questions is: which and how many events should I activate?
There is only one answer: ALL OF THEM!
There are no events not to be considered. All are necessary.
Unfortunately, this is not always applicable for a variety of reasons, mainly related to database or disk space.
But why should I register all the events? Can’t I just activate the critical ones?
You should activate and manage all the events, and later move them in a SIEM. From the latter, critical events would then be analyzed and correlated, defining a data retention and archiving policy thereafter.
As we said, this is not always possible. Due to space problems therefore costs, lack of SIEM tools or storage or other reasons.
If you really can't then concentrate on activating events that are considered critical. They should, by the way, be activated in a limited way, in such a way to generate little volume of data and logs.
Be careful, as usual, the logs must then be managed. Just like if you activate everything or if you only activate critical events but then you don't have a policy to manage those logs and the events generated then it doesn't make much sense. If not for detective investigation mode. Following then forensically occurring events.
Here’s what to do in order:
1) If you have not already done so, activate the security audit log as soon as possible
2) Activate all events, defining a way to manage logs, both as event analysis and correlation and as data management, then retention policies
3) If you can't activate all events, activate at least those considered critical, without distinction
4) In any case, define how you want to use these logs to detect noncompliant actions
Contact us if you want to learn more on how to improve you SAP systems’ security-
See you soon, bye!
#SAP #SAPSecurity #AGLEA
=======================================================
*Subscribe to our channel here
*Visit our website here
*Follow us on LinkedIn
00:00 - Intro
00:18 - Security audit logs
00:40 - Events classification
00:58 - Which events should be activated
01:49 - If necessary, give priority to events considered critical
02:04 - Logs management policy
02:28 - What to do
03:03 - Follow us to learn more
You know there is security audit log but don't know which events to activate? You already activated it for some events, but should you activate others?
I'll tell you my take on that!
INTRO
Hi my name is Andrea and today we’re going to take a look at security audit logs.
It is a tool that has basically always existed. Over the years it has become increasingly enhanced its potential.
But what is it used for? It is useful once activated, as it is not active by default, to track a whole series of events recorded in the system.
Each event is grouped into classes, for example by system events, users, logons, and so on.
Each event has a level of importance. SAP has already defined many of them and classified them. But it is possible, though not so common, to add more.
One of the most common questions is: which and how many events should I activate?
There is only one answer: ALL OF THEM!
There are no events not to be considered. All are necessary.
Unfortunately, this is not always applicable for a variety of reasons, mainly related to database or disk space.
But why should I register all the events? Can’t I just activate the critical ones?
You should activate and manage all the events, and later move them in a SIEM. From the latter, critical events would then be analyzed and correlated, defining a data retention and archiving policy thereafter.
As we said, this is not always possible. Due to space problems therefore costs, lack of SIEM tools or storage or other reasons.
If you really can't then concentrate on activating events that are considered critical. They should, by the way, be activated in a limited way, in such a way to generate little volume of data and logs.
Be careful, as usual, the logs must then be managed. Just like if you activate everything or if you only activate critical events but then you don't have a policy to manage those logs and the events generated then it doesn't make much sense. If not for detective investigation mode. Following then forensically occurring events.
Here’s what to do in order:
1) If you have not already done so, activate the security audit log as soon as possible
2) Activate all events, defining a way to manage logs, both as event analysis and correlation and as data management, then retention policies
3) If you can't activate all events, activate at least those considered critical, without distinction
4) In any case, define how you want to use these logs to detect noncompliant actions
Contact us if you want to learn more on how to improve you SAP systems’ security-
See you soon, bye!
#SAP #SAPSecurity #AGLEA
=======================================================
*Subscribe to our channel here
*Visit our website here
*Follow us on LinkedIn
0:20:08
0:03:28
0:02:06
0:04:35
0:13:09
0:33:48
0:02:49
0:02:21
0:50:06
0:20:48
0:02:02
0:02:50
0:22:20
0:09:14
0:05:51
0:04:45
0:03:19
0:04:55
0:01:50
0:02:38
0:03:49
0:03:39
1:04:37
1:04:37