Course announcements

  • In this course you will learn how to use SAP Enterprise Threat Detection (ETD) to secure and monitor the security of your SAP landscape. The main objective of the course is to understand how the different features of the product can be used, like Alert Processing, Forensic Analysis and Threat Hunting, Security Monitoring, customizing of the SAP delivered Alert Detection Patterns, building of the customer/LOB specific Alert Detection Patterns. An important focus is given to the understanding of the different Log Data coming out of SAP ERP systems.
  • A technical overview shows the different components of ETD on how it can be set up in different modes (e.g. High Availability set up alternatives), and how to connect to the various log sources (especially ABAP-based SAP Systems).
  • Furthermore, the different APIs are discussed to import and export log data into/from ETD, or to push or poll the Alerts from ETD into other Security products.
  • Another important aspect within the course is the setup of processes on how to organize security event monitoring, Alert handling, Security Analysis, and how to build Standard Operation procedures based on Alerts.


  • This course will prepare you to:
    • Understand what SAP Enterprise Threat Detection is, what it does and how it works
    • Have a basic understanding of technical components, system connections and setup options
    • Get a detailed view into the different log data especially coming out of the SAP ERP systems
    • Understand how to ingest non-pre-learned/non-SAP log data into ETD
    • Understand the semantic data model of ETD, i.e. semantic log events and semantic attributes
    • Get a detailed understanding how to process alerts in ETD
    • Get a detailed understanding how to do Security Analysis in ETD and Threat Hunting


  • SAP Security Analyst/Specialist/Expert
  • IT Security Analyst/Specialist/Expert
  • Inhouse Security Response Team member
  • Security & Compliance Responsible
  • SAP System Administrator
  • SAP Basis Administrator
  • Technology Consultant
  • System Architect



  • None

Course based on software release

  • SAP Enterprise Threat Detection installed on a HANA in Memory Database plus an S4H ERP system


  • Introduction
  • Technical Overview – Solution Architecture
  • Technical Overview – Log Sources
  • Semantic Data Model
  • Technical Overview – System Landscape, Sizing and High Availability
  • Readiness Checks and Troubleshooting/Monitoring (Hana Cockpit- Tools/Smart Data Streaming)
  • Pattern Creation Introduction
  • Technical Overview – High Availability, Log-Loss Prevention, Pattern Replay
  • Integration Scenarios - 3rd Party to ETD
  • Integration Scenarios - ETD to 3rd Party
  • Onboarding Lifecycle Overview
  • Alert Processing
  • Business Process Threat Patterns
  • Pseudonymization of User Data
  • Monitoring Dashboard
  • Compliance (Retention period, ETD logs, Who did what in ETD?)
  • Good Practices on Onboarding Lifecycle
  • Read Access Logging and UI logging as Special Log Sources
  • Pattern Building Best Practices
  • Custom Extensions