You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sap/sap-agent-migrate.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -51,13 +51,13 @@ Your existing investment in the Microsoft Sentinel Solution for SAP analytic rul
51
51
1. **Monitor**: Run both the containerized agent and the agentless data connector in parallel for a defined period to ensure stability and completeness of log collection.
52
52
1. **Decommission**: Once you have validated that the agentless data connector is functioning correctly, proceed to decommission the containerized SAP agent. See the "[Stop SAP data collection](stop-collection.md)" article for details.
53
53
54
-
## Feature parity
55
-
56
-
The agentless data connector provides built-in feature parity with the containerized SAP agent for most important use cases regarding analytic rules and workbooks. See the [content reference](sap-solution-security-content.md) for details. Less relevant features are being covered through the extension patterns available for the agentless data connector. Watchlists and Playbooks remain fully functional without any changes. You may consider using the capabilities of SAP Integration Suite however to further simplify your SOAR workflows. See [this integration flow](https://github.com/Azure-Samples/Sentinel-For-SAP-Community/tree/main/integration-artifacts) for SAP user blocking.
57
-
58
54
> [!IMPORTANT]
59
55
> Review the authorizations of the Sentinel user and role on your SAP systems used with the containerized agent. The agentless data connector requires less but different authorizations compared to the containerized SAP agent. Refer to the [configuration guide](/azure/sentinel/sap/preparing-sap?pivots=connection-agentless#configure-the-microsoft-sentinel-role) for details and SAP role sample for minimum authorizations.
60
56
57
+
## Feature parity
58
+
59
+
The agentless data connector provides built-in feature parity with the containerized SAP agent for most important use cases regarding analytic rules and workbooks. See the [content reference](sap-solution-security-content.md) for details.
60
+
61
61
All analytics rules and workbooks built on the underlying SAP sources mentioned on the [table reference](./sap-solution-log-reference.md#logs-collected-by-the-agentless-data-connector) remain functional without any changes.
62
62
63
63
These sources include but are not limited to the following [logs](sap-solution-security-content.md#built-in-analytics-rules):
@@ -66,6 +66,8 @@ These sources include but are not limited to the following [logs](sap-solution-s
66
66
- SAPcon - Change Documents Log
67
67
- User and User Authorization Details
68
68
69
+
The solution scope can be extended through [extensions patterns](https://github.com/Azure-Samples/Sentinel-For-SAP-Community) available for the agentless data connector. Watchlists and Playbooks remain fully functional without any changes.
70
+
69
71
SAP HANA database or OS-level detections are out of scope for the comparison because they are covered by their own connectors in Microsoft Sentinel.
0 commit comments