SAP Enterprise Threat Detection

The IBM QRadar DSM for SAP Enterprise Threat Detection collects events from an SAP Enterprise Threat Detection server. SAP Enterprise Threat Detection enables real-time security intelligence to help protect against cybersecurity threats and help ensure data loss prevention.

To integrate SAP Enterprise Threat Detection with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Protocol-Common RPM
    • SAP ETD Alert API Protocol RPM
    • SAP Enterprise Threat Detection DSM RPM
  2. Configure QRadar to receive events from SAP Enterprise Threat Detection. See SAP Enterprise Threat Detection Alert API log source parameters for SAP Enterprise Threat Detection.
  3. Configure SAP Enterprise Threat Detection to communicate with QRadar. See the Enterprise ThreatMonitor Integration documentation. (https://www.enterprise-threat-monitor.com/sap-qradar-enterprise-threat-detection-siem-integration/)
  4. If QRadar does not automatically detect the log source, add an SAP Enterprise Threat Detection log source on the QRadar Console.