Best Practice 9.1 – Understand your strategy for SAP application and database security event analysis - SAP Lens

Without keeping security logs at the appropriate levels of granularity, vital data required for incident response, forensic security analysis, and threat modeling can be lost. SAP security staff must be able to evaluate potential security incidents affecting SAP systems in alignment with your business security requirements. For SAP workloads running on AWS, the AWS services described in the Well-Architected Framework Security Pillar are a helpful starting point in conjunction with the following suggestions.

Suggestion 9.1.1 – Determine which logs are required to detect security events

For individual SAP software and supported databases, refer to the SAP NetWeaver Guide Finder and the SAP NetWeaver Security Guide to determine which logs might be applicable (for example, read access logging). In addition, review the SAP advisory on security logging and the related best practice topics for your development activities.

Suggestion 9.1.2 – Develop mechanisms for storing and analyzing logs

Having relevant data about potential security events is necessary for any secure SAP installation, but it is equally important to store that data securely and to have the tools needed to search and analyze it efficiently and promptly. One option within AWS is to use the CloudWatch Agent to store instance logs and security-relevant SAP application logs in an Amazon CloudWatch log group. Such logs can also be exported to Amazon S3 for holistic log analysis and for integration with third-party log analytics solutions.

Refer to the following for help with assembling, combining, and analyzing your SAP on AWS security logs:

Suggestion 9.1.3 – Use machine learning to analyze and determine events of importance

Consider applying pattern recognition, anomaly detection, or both to security logs to assist in determining potential threats and events of importance to your SAP workload. AWS managed services, such as AWS Security Hub and Amazon GuardDuty, can help, combined with third-party security solutions from the AWS Marketplace.
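
The following added example (not AWS or SAP code) illustrates the anomaly detection idea with a simple statistical baseline instead of a trained machine learning model: it counts failed logons per user and hour, then flags buckets that stand out by their median/MAD-based score. The log line layout, user names and event names are constructed for the example, so real SAP audit records would need their own parser.

```python
import re
from collections import Counter
from statistics import median

# Assumed line layout (constructed for this example, not an SAP log format):
#   2025-01-10T10:05:30Z user=NAME event=LOGON_FAILED
LINE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z user=(?P<user>\S+) event=(?P<event>\S+)$"
)

def failed_logons_per_bucket(lines):
    """Count LOGON_FAILED events per (user, hour); unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["event"] == "LOGON_FAILED":
            counts[(m["user"], m["hour"])] += 1
    return counts

def anomalies(counts, threshold=3.5):
    """Return (user, hour) buckets whose modified z-score exceeds the threshold."""
    values = list(counts.values())
    if len(values) < 3:
        return []  # too little history to form a baseline
    med = median(values)
    # MAD is 0 when most buckets are identical; fall back to 1.0 to avoid dividing by zero.
    mad = median(abs(v - med) for v in values) or 1.0
    return sorted(k for k, v in counts.items() if 0.6745 * (v - med) / mad > threshold)

def constructed_sample():
    """Constructed log lines: three users with routine failures, one account with a burst."""
    lines = []
    for hour in range(8, 12):
        for user, n in (("ALICE", 1), ("BOB", 2), ("CAROL", 1)):
            lines += [f"2025-01-10T{hour:02d}:{i:02d}:00Z user={user} event=LOGON_FAILED"
                      for i in range(n)]
        lines.append(f"2025-01-10T{hour:02d}:30:00Z user=ALICE event=LOGON_OK")
    lines += [f"2025-01-10T10:{i:02d}:30Z user=SVC_RFC event=LOGON_FAILED" for i in range(40)]
    lines.append("truncated or malformed record")
    return lines

if __name__ == "__main__":
    for user, hour in anomalies(failed_logons_per_bucket(constructed_sample())):
        print(f"review: {user} had an unusual number of failed logons in hour {hour}")
```
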
