Document toolboxDocument toolbox

SMGW_SEC

Data Description

The SMGW_SEC event is used in SAP to show the content from the secinfo and reginfo security files which control the ability to access external programs from the gateway and register which programs can be executed.

Potential Use Cases

This event could be used in the following scenarios:

  • Identify potential risks associated with users that can access internal systems from the gateway based on the parameters set.

  • View which programs can be registered on the gateway.

Splunk Event

SMGW_SEC with EVENT_SUBTYPE=”SEC”

This event is used to view the content from the secinfo file. This file is used to prevent unauthorized launching of external programs.

SMGW_SEC with EVENT_SUBTYPE=”REG”

Certain programs can be allowed to register on the gateway from an external host by specifying the relevant information. You can also control access to the registered programs and cancel registered programs. This event allows you to see the registered programs. The event will look like this in Splunk:

SAP Navigation

SMGW_SEC with EVENT_SUBTYPE=”SEC”

This event is used to view the content from the secinfo file. Execute the SMGW transaction and follow the path Goto → Expert Functions → External Security → Display (Sec Info).

 

 

The information on the screen will match the data that is extracted and sent to Splunk.

 

SMGW_SEC with EVENT_SUBTYPE=”SEC”

This event is used to view the content from the reginfo file. Execute the SMGW transaction and follow the path Goto → Expert Functions → External Security → Display (Reg. Info).

The information on the screen will match the data that is extracted and sent to Splunk.