Sneak Peek:
Dear community,
There are various problematic attack vectors for SAP backends, but one is more prominent than others: SAP Audit Log deactivation ☠️. Maybe because SAP forensics people are practically blind or because it demos well at security conferences 🤪. Up to you to judge.
A recent conversation with a customer from the oil industry confirmed the need to release yet another playbook. This time specifically for the out-of-the-box analytic rule “Deactivation of Security Audit Log”.
Note the skipped approval step in Teams compared to part 1 of the blog series. The playbook was designed on the assumption that such a critical event should be acted upon immediately, without human intervention.
Navigate to the full post here.