Course announcements

  • In this course you will learn how to use SAP Enterprise Threat Detection (ETD) to secure and monitor the security of your SAP landscape. The main objective of the course is to understand how the different features of the product can be used, like Alert Processing, Forensic Analysis and Threat Hunting, Security Monitoring, customizing of the SAP delivered Alert Detection Patterns, building of the customer/LOB specific Alert Detection Patterns. An important focus is given to the understanding of the different Log Data coming out of SAP ERP systems.
  • A technical overview shows the different components of ETD on how it can be set up in different modes (e.g. High Availability set up alternatives), and how to connect to the various log sources (especially ABAP-based SAP Systems).
  • Furthermore, the different APIs are discussed to import and export log data into/from ETD, or to push or poll the Alerts from ETD into other Security products.
  • Another important aspect within the course is the setup of processes on how to organize security event monitoring, Alert handling, Security Analysis, and how to build Standard Operation procedures based on Alerts.

Course information

  • Introduction
  • Technical Overview – Solution Architecture
  • Technical Overview – Log Sources
  • Semantic Data Model
  • Technical Overview – System Landscape, Sizing and High
  • Availability
  • Readiness Checks and Troubleshooting/Monitoring (Hana Cockpit-
  • Tools/Smart Data Streaming)
  • Pattern Creation Introduction
  • Technical Overview – High Availability, Log-Loss Prevention,
  • Pattern Replay
  • Integration Scenarios - 3rd Party to ETD
  • Integration Scenarios - ETD to 3rd Party
  • Onboarding Lifecycle Overview
  • Alert Processing
  • Business Process Threat Patterns
  • Pseudonymization of User Data
  • Monitoring Dashboard
  • Compliance (Retention period, ETD logs, Who did what in ETD?)
  • Good Practices on Onboarding Lifecycle
  • Read Access Logging and UI logging as Special Log Sources
  • Pattern Building Best Practices
  • Custom Extensions
  • Possible role-play with exchanging roles, one group of participants acting as attackers, the other group acting as defenders. >
  • This course will prepare you to:
    • Understand what SAP Enterprise Threat Detection is, what it does
    • and how it works
    • Have a basic understanding of technical components, system
    • connections and setup options
    • Get a detailed view into the different log data especially coming
    • out of the SAP ERP systems
    • Understand how to ingest non-pre-learned/non-SAP log data into ETD
    • Understand the semantic data model of ETD, i.e. semantic log events
    • and semantic attributes
    • Get a detailed understanding how to process alerts in ETD
    • Get a detailed understanding how to do Security Analysis in ETD and
    • Threat Hunting
  • SAP Security Analyst/Specialist/Expert
  • IT Security Analyst/Specialist/Expert
  • Inhouse Security Response Team member
  • Security & Compliance Responsible
  • System Administrator
  • System Architect
  • Technology Consultant


  • none
  • SAP Enterprise Threat Detection installed on a HANA in Memory Database plus an S4H ERP system

Find a course date

Can't find a suitable date?

Booking for 1-2 people?

Make a request for us to schedule training around what works for you? We will do our best to consider your request.

Request a training date

Booking for 3+ people?

Our 3 to RUN initiative empowers you to schedule our chosen classroom training course or virtual SAP Live Class on a date that suits you. You need at least three confirmed participants to register and SAP will add it to your schedule.

Find out more