Data Source
SAP S/4HANA Cloud Public Edition provides security audit logs (SAL) containing user authentication events, transaction codes, authorization checks, and system access patterns from SAP cloud environments. The solution ingests audit data via OData services using basic authentication.
Ingestion Mechanism
CCF-based connector with DCR transformation that polls SAP S/4HANA Cloud Public Edition OData API endpoints for security audit log events. The connector transforms raw SAP audit data into the ABAPAuditLog table format used by Microsoft Sentinel Solution for SAP.
Security Impact (Visibility & Fidelity)
Previously, SAP S/4HANA Cloud Public Edition customers had no native method to ingest security audit logs into Microsoft Sentinel, creating a significant blind spot for cloud SAP environments. This connector closes that gap by providing visibility into user activities, transaction codes (slgtc), authorization events, and suspicious access patterns in cloud SAP deployments.
Affected Files
Solutions/SAP S4 Cloud Public Edition/Data Connectors/SAPS4PublicPollerConnector/SAPS4Public_connectorDefinition.json
Solutions/SAP S4 Cloud Public Edition/Data Connectors/SAPS4PublicPollerConnector/SAPS4Public_DCR.json
Solutions/SAP S4 Cloud Public Edition/Data Connectors/SAPS4PublicPollerConnector/SAPS4Public_PollingConfig.json
(packaging artefacts: mainTemplate.json, createUiDefinition.json, Solution_SAPS4Public.json)