Compliance Monitoring & Real-Time Threat Detection

Protecting SAP systems from cyber threats has become an increasingly difficult and complex task due to the interconnectedness of modern ERP platforms.

Xiting’s solutions for centralized compliance monitoring enable organizations to better protect SAP systems from internal and external threats and reduce common vulnerabilities such as dangerous RFCs, changes to security-related configuration and security parameters, critical permissions assigned to your users (e.g. SAP_ALL), reduce attempted operating system level commands on your SAP gateway, and many more.

Your Contact

Marc Spitzer
SAP Security Expert
[email protected]

Do you have a need in the area of compliance monitoring?

Get more information here!

Our services at a glance…

Protect yourself from cyberattacks by monitoring security-critical events in real time!

Central compliance monitoring doesn‘t have to be complicated or time-consuming when you monitor defined system settings and checks. By detecting security gaps and implementing security requirements, you can achieve a good level of security. Cybercriminals are constantly discovering new ways to penetrate systems gradually over months. Consequently, attacks are frequently detected too late, and vulnerabilities are exploited.

Systems for cyber-attack detection are therefore leading-edge technology today. These systems establish correlations between different logs collected within SAP systems and provide real-time alerts about potential threats. Depending on the specific needs, these alerts can be sent via email or directly forwarded to a connected SIEM system (SIEM = Security Information Event Management).

The Security Architect serves as a central tool for monitoring compliance in SAP systems. The SIEM Framework offers you the option of reading out various SAP logs and forwarding them to your SIEM system in a standardized format. The integrated rule engine enables the evaluation of log entries for potential threats in real time. In this way, safety-critical events can be detected and reported through complex connections.

There are several options available for transferring the logs to a SIEM system, such as: the syslog protocol or the transfer via file. If the logs are sent directly to the SIEM system, they can be encrypted to prevent the logs from being accessed while they are being transferred. The desired line format can also be freely selected, e.g. JSON or CEF format.

In order to make the connection of a complex and distributed SAP landscape as simple as possible, the SIEM Framework can be operated in a central mode. A SAP ABAP central system is defined, which connects all other SAP systems in the landscape via RFC, controls the log and event collection and communicates with the SIEM system. This creates a central entry and connection point between the SIEM and SAP world, instead of having to set up a separate log collector for each individual SAP system.

In conjunction with a SIEM system, the Security Architect and the SIEM Framework are able to make even large SAP landscapes evaluable and transparent in real time. It is therefore a crucial component for the integration and the development of a holistic security monitoring.

What are the advantages of the SIEM Framework?


Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now