Create Sentinel

Before we start integrating SAP with Microsoft Sentinel, we need to setup components to allow this communication to happen.

This section will show the steps required for this to be accomplished:

Setting up Log Analytics

  1. Go to Azure Portal, click on Create Resource and look for Log Analytics Workspaces sent1
  2. Click Create sent2
  3. Fill in the required informations:
    • Subscription: SELECT YOUR SUBSCRIPTION
    • Resource Group: SAP CAL Resource Group
    • Name: SAPLogAnalyticsWorkspace
    • Region: East US
    • Click on Review + create and then Create sent3

Creating a Microsoft Sentinel workspace

  1. Go to Azure Portal, click on Create Resource and look for Microsoft Sentinel sent4
  2. Click Create sent2
  3. Select the previously created SAPLogAnalyticsWorkspace and click Add sent2
  4. If this is your first Microsoft Sentinel, accept the Trial sent2
  5. On the Get Started click on go to Content Hub so we can add SAP log model to Sentinel sent2
  6. Look for SAP, select the Solution and click Install sent2
  7. On the next screen, click Create sent2
  8. Fill in the required informations:
    • Subscription: SELECT YOUR SUBSCRIPTION
    • Resource Group: SAP CAL Resource Group
    • Deployment Target Workspace: SAPLogAnalyticsWorkspace
    • Click on Review + create and then Create sent3

Alright! With that we set up a place to receive the logs sent by SAP and prepared Sentinel to understand these logs.

On the next steps we will configure SAP to send those logs.