Automatic response with Microsoft Sentinel SOAR capabilities

  • 7 minutes

Use prebuilt playbooks for security, orchestration, automation, and response capabilities (SOAR) to react to threats quickly. A popular first scenario is SAP user blocking with intervention option from Microsoft Teams. The integration pattern can be applied to any incident type and target service spanning towards SAP Business Technology Platform (BTP) or Microsoft Entra ID regarding reducing the attack surface.

For more information on Microsoft Sentinel and SOAR for SAP, see the blog series From zero to hero security coverage with Microsoft Sentinel for your critical SAP security signals.

Screenshot of using Microsoft Sentinel SOAR capability with SAP RISE/ECS.

This image shows an SAP incident detected by Microsoft Sentinel offering the option to block the suspicious user on the SAP ERP, SAP Business Technology Platform, or Microsoft Entra ID.

For more information on Microsoft Sentinel and SAP, including a deployment guide, see Microsoft Sentinel product documentation.