SBDLOG - SAP Secure-by-default Logs

Data Description

The SBDLOG event is used to monitor usage statistics for RFC functions and SICF services.

Potential Use Cases

This event could be used in the following scenarios:

To find usage statistics SAP RFC functions and SICF services
Alert on specific RFC/SICF service usage
Determine RFC/SICF services usage over time
The information can be used to disable unused services and reduce attack

SAP Navigation

Log into the managed SAP system(only S/4HANA 2022+) and execute the transaction SBDLOG to display RFC functions and SICF usage statistics. The event makes these RFC and SICF services usage statistics available in Splunk for further analysis, set alerts, determine & disable unused RFC/SICF services.