PowerConnect for SAP Solutions

SAP BTP Audit Logs

Overview

SAP BTP provides an audit log service for both Neo and Cloud Foundry environments. This service logs security-related events for all platform services used within an SAP BTP tenancy.

Data Collected

  • Data protection and privacy related

    • audit.data-access: read-access logging records for access to sensitive personal data;

    • audit.data-modification: data modification logging records for sensitive personal data.

  • Security related

    • audit.security-events: logging of general security events such as login, logout, and others;

    • audit.configuration: logging of security-critical configuration changes.

APIs Used

Status

Generally Available

Configuration

PowerConnect Cloud requires access to the SAP AuditLog API to be able to extract audit log data. The most secure way to do this is to add PowerConnect Cloud as an OAuth client to your SAP BTP tenancy. To do this, follow the steps below for your environment:

SAP Cloud Foundry

  • If you have not already done so, create an Audit Log Retrieval API instance

  • Log in to the SAP BTP Cockpit

  • Under Service Market Place, choose Auditlog Management, then click Create

  • Fill in the required information, including the instance name

  • Click Create

  • The instance should then be provisioned; click View Instance

  • Under the instances view, choose the Audit Log instance you just created, then click the Create button to create a Service Key

  • Provide a name for the Service Key, then click Create

  • Once the Service Key has been created, click the three dots to open the dropdown menu, then click View

  • Note down the following:

    • The platform host in the url field (for example, us10.hana.ondemand.com)

    • clientid

    • clientsecret

    • identityzone

  • Follow the instructions in the section below called “Adding an Audit Log Input in PowerConnect Cloud” to configure PowerConnect Cloud with these details
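
A pre-flight check for the four values noted above, as an added example that is not part of PowerConnect or SAP tooling: it reads a Service Key saved as JSON, extracts the platform host, clientid, clientsecret and identityzone, rejects a non-https url or a padded or missing value, and returns a copy with the secret masked for tickets and logs. The nesting under "uaa", the rule that the platform host is the trailing <region>.hana.ondemand.com part of url, the sample values and the function names are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample with placeholder values; the nesting under "uaa" is an assumption.
SAMPLE_SERVICE_KEY = """{
  "url": "https://auditlog-management.cfapps.us10.hana.ondemand.com",
  "uaa": {"clientid": "sb-example!b0000", "clientsecret": "EXAMPLE-SECRET",
          "identityzone": "example-subaccount"}
}"""
REQUIRED = ("clientid", "clientsecret", "identityzone")
# Assumption: the platform host is the trailing <region>.hana.ondemand.com part of url.
HOST_RE = re.compile(r"([a-z0-9-]+\.hana\.ondemand\.com)$")


def find_key(node, name):
    """Return the first string stored under `name` at any depth, else None."""
    if isinstance(node, dict):
        if isinstance(node.get(name), str):
            return node[name]
        node = list(node.values())
    hits = (find_key(c, name) for c in node) if isinstance(node, list) else ()
    return next((h for h in hits if h is not None), None)


def extract_input_values(service_key_json):
    """Collect the four values the PowerConnect Cloud input form asks for."""
    key = json.loads(service_key_json)
    url = urlparse(str(key.get("url", "")))
    match = HOST_RE.search(url.hostname or "")
    if url.scheme != "https" or not match:
        raise ValueError("top-level url is not an https *.hana.ondemand.com address")
    values = {"platform_host": match.group(1)}
    for name in REQUIRED:
        value = find_key(key, name)
        if not value or value != value.strip():
            raise ValueError(f"{name} is missing, empty or padded with whitespace")
        values[name] = value
    return values


def redacted(values):
    """Copy that is safe to paste into a ticket or log: the secret is masked."""
    return {**values, "clientsecret": "*" * 8}


if __name__ == "__main__":
    print(redacted(extract_input_values(SAMPLE_SERVICE_KEY)))
```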

SAP Neo

  • Log in to the SAP BTP Cockpit

  • In the menu on the left-hand side, click OAuth under the Security section, click the Platform API tab, then click Create API Client

  • In the API and Scopes, tick the Audit Log Service, fill in the Description, then click Save

  • Note down the Client ID and Client Secret

  • Click on the Branding tab and note down the platform host (for example, ap1.hana.ondemand.com)

  • Click on Overview in the left-hand side menu and note down the Technical Name of the Subaccount under Subaccount Information

  • You should now have 4 pieces of information:

    • Client ID

    • Client Secret

    • Platform Host

    • Subaccount

  • Follow the instructions in the section below called “Adding an Audit Log Input in PowerConnect Cloud” to configure PowerConnect Cloud with these details

Adding an Audit Log Input in PowerConnect Cloud

  • Log in to the PowerConnect Cloud web UI

  • Click on the Inputs link in the menu bar

  • Click the + button to add a new Input

  • Select CF or Neo as the Platform

  • Choose audit-log-cf or audit-log-neo sap-btp depending on the target platform

  • Fill in the form with the details you noted down when creating the Service Key above

  • Choose the Splunk output you wish to send the BTP audit logs to

  • Note that the System ID value will be mapped to the source field in Splunk

  • Click Save

  • The Input is now created