Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Data Description

The HDB_DBCC_AUDIT event is used to collect HANA Audit logs. As a prerequisite, Audit needs to be configured and enabled on DB side. More information located here: Activate and Configure Auditing - SAP Help Portal

Extractor requires AUDIT READ system privilege to read the log (privilege needs to be assigned to SAP DB user).

Potential Use Cases

Auditing provides you with visibility on who did what in the SAP HANA database (or tried to do what) and when. This allows you, for example, to log and monitor read access to sensitive data. Audit log allows you to monitor and record selected actions performed in the SAP HANA database.

...

  • Uncover security holes if too many privileges were granted to some user

  • Show attempts to breach security

  • Protect the system owner against accusations of security violations and data misuse

  • Allow the system owner to meet security standards

  • Monitor HANA XSA events (starting from SP 7.04/8.00)

Following actions are typically audited:

  • Changes to user authorization

  • Creation or deletion of database objects

  • Authentication of users

  • Changes to system configuration

  • Access to or changing of sensitive information

Splunk Event

The event will look like this in Splunk:

...

SAP Navigation

The Audit log is available on DB level.

Field Mapping

...

Field

...

Description

...