Update SAP 4 Sentinel - Init

Solutions/SAP/Analytics/Watchlists/SAP - Critical Authorizations.csv

@@ -0,0 +1,9 @@
+AuthorizationObject,AuthorizationField,AuthorizationValue,ActivityField,Activity,Description
+S_DEVELOP,OBJTYPE,DEBUG,ACTVT,02,Debug Change Authorizations
+S_DEVELOP,OBJTYPE,*,ACTVT,02,All development activities - include debug
+S_DEVELOP,OBJTYPE,DEBUG,ACTVT,*,Debug All Activites (Including Change)
+S_DEVELOP,OBJTYPE,*,ACTVT,*,All development activities - include debug
+S_RFC,RFCNAME,*,ACTVT,16,Execution of all RFC Services
+S_RFC,RFCNAME,*,ACTVT,*,Execution of all RFC Services
+S_TCODE,TCD,*,NOT_IN_USE,,All Transaction Codes - Example without Activity
+S_TZONE,ACTVT,*,NOT_IN_USE,,Maintain System Time Zone - Example only with Activity

Solutions/SAP/Analytics/Watchlists/SAP - Excluded Networks.csv

@@ -0,0 +1,3 @@
+Network,Description
+111.68.128.0/1,My Terminal Server
+123.68.128.0/1,My Citrix

Solutions/SAP/Analytics/Watchlists/SAP - Excluded Users.csv

@@ -0,0 +1,2 @@
+User,Description
+SYSWF,WF

Solutions/SAP/Analytics/Watchlists/SAP - Networks.csv

@@ -0,0 +1,4 @@
+Network,Description
+111.68.128.0/17,Our internal Network
+5.8.0.0/19,SAP Support Network
+223.255.254.0/24,Our Support Network

Solutions/SAP/Analytics/Watchlists/SAP - Privileged Users.csv

@@ -0,0 +1,7 @@
+User,Description
+SAP*,SAP*
+DDIC,"Dictionary, Internal"
+ALEREMOTE,BW User
+BWREMOTE,BW User
+SAPSYS,"SAP System, Internal"
+WF-BATCH,Workflow Batch

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive ABAP Programs.csv

@@ -0,0 +1,9 @@
+ABAPProgram,Description
+RSPFLDOC,Profile Parameter Maintenance
+/1BCDWB/DBUSR02,Data Browser - USR02
+/1BCDWB/DBUSH02,Data Browser - USH02
+/1BCDWB/DBUSRPWDHISTORY,Data Browser - USRPWDHISTORY
+RDDGENBB,DD: Dispatcher for Converter and Distributor
+RSBDCOS0,Execute OS Command (Logged in SYSLOG and Trace Files)
+RSCDOK99,Delete Change Documents
+RSTBPDEL,Table Log Database Management: Delete Logs

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive Function Modules.csv

@@ -0,0 +1,23 @@
+FunctionModule,Description
+RSAU_CLEAR_AUDIT_LOG,Delete Audit Log
+BAPI_USER_CREATE,Create User
+BAPI_USER_CREATE1,Create User
+BAPI_USER_DELETE,Delete user
+BAPI_USER_GET_DETAIL,Read User Details
+BAPI_USER_PROFILES_ASSIGN,Change User-Profile Assignments
+EPS_GET_DIRECTORY_LISTING,
+PFL_CHECK_OS_FILE_EXISTENCE,
+PRGN_INTERFACE_USER,
+RFC_ABAP_INSTALL_AND_RUN,
+RFC_GET_TABLE_ENTRIES,Read table entries
+RFC_READ_TABLE,External access to R/3 tables via RFC
+RS_FUNCTIONMODULE_INSERT,
+RZL_READ_DIR_LOCAL,
+SUSR_RFC_USER_INTERFACE,
+SXPG_CALL_SYSTEM,Execute an External Command
+SXPG_COMMAND_EXECUTE,Execute an External Command
+SXPG_COMMAND_EXECUTE_LONG,Execute an External Command
+TABLE_ENTRIES_GET_VIA_RFC,
+TH_REMOTE_TRANSACTION,Start Remote Transaction
+TH_SAPREL,
+TMS_CI_START_SERVICE,

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive Profiles.csv

@@ -0,0 +1,3 @@
+Profile,Description
+SAP_ALL,All SAP Systems Authorizations
+SAP_NEW,New Authorizations Checks

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive Roles.csv

@@ -0,0 +1,5 @@
+Role,Description
+Z_FIGL_POSTING_ADMIN,Custom example role
+SAP_BC_AUTH_DATA_ADMIN,Authorization Data Administrator
+SAP_BC_AUTH_PROFILE_ADMIN,Authorization Profile Administrator
+SAP_BC_BASIS_ADMIN,System Administrator

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive Tables.csv

@@ -0,0 +1,5 @@
+Table,Description
+USR02,Logon Data
+PA0008,Basic Pay Infotype
+USH02,Change history for logon data
+USRPWDHISTORY,Change History for Logon Data: Last Entries from Archive

Solutions/SAP/Analytics/Watchlists/SAP - Sensitive Transactions.csv

@@ -0,0 +1,3 @@
+TransactionCode,Description
+RSAU_CONFIG,Audit Log Configuration
+RZ11,Profile Parameter Maintenance

Solutions/SAP/Analytics/Watchlists/SAP - Systems.csv

@@ -0,0 +1,31 @@
+SystemID,SystemRole,SystemUsage
+S4X,Sandbox,ERP
+S4D,Development,ERP
+S4Q,QualityAssurance,ERP
+S4T,Training,ERP
+S4P,Production,ERP
+S4H,Production,ERP
+B4X,Sandbox,BW
+B4D,Development,BW
+B4Q,QualityAssurance,BW
+B4T,Training,BW
+B4P,Production,BW
+SMX,Sandbox,Solman
+SMD,QualityAssurance,Solman
+SMQ,Training,Solman
+SMP,Production,Solman
+C4X,Sandbox,CRM
+C4D,Development,CRM
+C4Q,QualityAssurance,CRM
+C4T,Training,CRM
+C4P,Production,CRM
+GWX,Sandbox,Gateway
+GWD,Development,Gateway
+GWQ,QualityAssurance,Gateway
+GWT,Training,Gateway
+GWP,Production,Gateway
+EPS,Sandbox,Enterpirse Portal
+EPD,Development,Enterpirse Portal
+EPQ,QualityAssurance,Enterpirse Portal
+EPT,Training,Enterpirse Portal
+EPP,Production,Enterpirse Portal

Solutions/SAP/CR/K900114.NPL

@@ -0,0 +1,7 @@
+SENTINEL     T NPL        1   0   0   0   0   1   0   0   0   1  752   .  0   0   0   0   0 001
+#A
+#/1/                          A   G   D   C   R   7   T   -   Z RELE EX.  _   _   _   _   _ CLI
+NPL f 0000 20210422091205 vhcalnplci       npladm
+NPL e 0000 20210422091207 vhcalnplci       npladm
+NPL.000 < 0000 20210422091209 vhcalnplci       npladm
+NPL.001 E 0000 20210422091209 vhcalnplci       npladm

Solutions/SAP/CR/K900131.NPL

@@ -0,0 +1,7 @@
+SENTINEL     T NPL        1  10  19   0   0   0   0   0   0  20  752   .  0   0   0   0   0 001
+#A
+#/1/                          A   G   D   C   R   7   T   -   Z RELE EX.  _   _   _   _   _ CLI
+NPL f 0000 20210427112123 vhcalnplci       npladm
+NPL e 0000 20210427112126 vhcalnplci       npladm
+NPL.000 < 0000 20210427112132 vhcalnplci       npladm
+NPL.001 E 0000 20210427112132 vhcalnplci       npladm

Solutions/SAP/CR/K900132.NPL

@@ -0,0 +1,7 @@
+SENTINEL     T NPL        1  11  20   0   0   0   0   0   0  21  752   .  0   0   0   0   0 001
+#A
+#/1/                          A   G   D   C   R   7   T   -   Z RELE EX.  _   _   _   _   _ CLI
+NPL f 0000 20210427112246 vhcalnplci       npladm
+NPL e 0000 20210427112248 vhcalnplci       npladm
+NPL.000 < 0000 20210427112253 vhcalnplci       npladm
+NPL.001 E 0000 20210427112253 vhcalnplci       npladm

Solutions/SAP/CR/README.MD

@@ -0,0 +1,27 @@
+# Required SAP Log change requests
+
+The following table lists the SAP Log change requests that you must configure in order to support ingesting specific SAP logs into Azure Sentinel.
+   
+   For a typical installation on SAP Basis 7.5+  install NPLK900131
+   
+   For a typical installation on SAP Basis 7.4  install NPLK900132
+   
+   For the  role creation (any version) install NPLK900114
+
+<u><b>SAP notes required for version below SAP Basis 7.5 SP13:</u></b>
+
+[SAP Note 2641084](https://launchpad.support.sap.com/#/notes/2641084) (*Standardized read access for the Security Audit log data*)
+
+[SAP Note 2173545](https://launchpad.support.sap.com/#/notes/2173545) (*CD: CHANGEDOCUMENT_READ_ALL*)
+
+[SAP Note 2502336](https://launchpad.support.sap.com/#/notes/2502336) (*CD: RSSCD100 - read only from archive, not from database*)
+
+**Note**: The required SAP log change requests expose custom RFC FMs that are required for the connector, and do not change any standard or custom objects.
+
+
+| Log | Change Request | Latest Update in Version  | 
+| --- | -------------- | -------------------------- |
+| **All Logs** | NPLK900131 | 0.0.21 <br> <br>Use the complete package<br> <br>Basis>=7.5 |
+| **All Logs** | NPLK900132 | 0.0.21 <br> <br>Use the complete package<br> <br>Basis<7.5 |
+| **Sample Authorizations Role** | NPLK900114 | 0.0.14 | 
+

Solutions/SAP/template/loggingconfig_DEV.yaml

@@ -0,0 +1,156 @@
+version: 1
+disable_existing_loggers: False
+formatters:
+  brief:
+    format: '%(levelname)-8s - %(message)s'
+  detailed:
+    format: '%(asctime)s.%(msecs)03d %(levelname)-8s %(name)-15s %(message)s'
+    datefmt: '%Y-%m-%d %H:%M:%S'
+handlers:
+  console:    
+    class : logging.StreamHandler
+    formatter: detailed
+    level   : DEBUG
+    stream  : ext://sys.stdout
+  file_API:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/API.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15
+  file_RFC:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/RFC.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_LogsDeltaMananger:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/LogsDeltaManager.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_PersistenceMananger:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/PersistenceManager.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15 
+  file_SysAdmin:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/SystemAdmin.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15     
+  file_ABAPAuditLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPAuditLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15       
+  file_ABAPJobLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPJobLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15       
+  file_ABAPSpoolLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPSpoolLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPSpoolOutputLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPSpoolOutputLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15                 
+  file_ABAPChangeDocsLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPChangeDocsLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPAppLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPAppLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPWorkflowLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPWorkflowLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_ABAPCRLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPCRLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15             
+  file_ABAPTableDataLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : DEBUG
+    filename: ./sapcon/logs/ABAPTableDataLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15                          
+
+loggers: 
+  API:    
+    level   : DEBUG
+    handlers: [console, file_API]
+  RFC:    
+    level   : DEBUG
+    handlers: [console, file_RFC]
+  DeltaManager:
+    level   : DEBUG
+    handlers: [console, file_LogsDeltaMananger]
+  Persistence:
+    level   : DEBUG
+    handlers: [console, file_PersistenceMananger]    
+  SysAdmin:
+    level   : INFO
+    handlers: [console, file_SysAdmin]
+  ABAPAuditLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPAuditLog]
+  ABAPJobLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPJobLog]    
+  ABAPSpoolLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPSpoolLog]    
+  ABAPSpoolOutputLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPSpoolOutputLog]            
+  ABAPChangeDocsLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPChangeDocsLog]        
+  ABAPAppLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPAppLog]            
+  ABAPWorkflowLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPWorkflowLog]              
+  ABAPCRLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPCRLog]              
+  ABAPTableDataLog:
+    level   : DEBUG
+    handlers: [console, file_ABAPTableDataLog]                      

Solutions/SAP/template/loggingconfig_PRD.yaml

@@ -0,0 +1,156 @@
+version: 1
+disable_existing_loggers: False
+formatters:
+  brief:
+    format: '%(levelname)-8s - %(message)s'
+  detailed:
+    format: '%(asctime)s.%(msecs)03d %(levelname)-8s %(name)-15s %(message)s'
+    datefmt: '%Y-%m-%d %H:%M:%S'
+handlers:
+  console:    
+    class : logging.StreamHandler
+    formatter: detailed
+    level   : INFO
+    stream  : ext://sys.stdout
+  file_API:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/API.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15
+  file_RFC:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : WARNING
+    filename: ./sapcon/logs/RFC.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_LogsDeltaMananger:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : WARNING
+    filename: ./sapcon/logs/LogsDeltaManager.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_PersistenceMananger:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : WARNING
+    filename: ./sapcon/logs/PersistenceManager.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15 
+  file_SysAdmin:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/SystemAdmin.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15     
+  file_ABAPAuditLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPAuditLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15       
+  file_ABAPJobLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPJobLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15       
+  file_ABAPSpoolLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPSpoolLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPSpoolOutputLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPSpoolOutputLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15             
+  file_ABAPChangeDocsLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPChangeDocsLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPAppLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPAppLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15         
+  file_ABAPWorkflowLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPWorkflowLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15    
+  file_ABAPCRLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : INFO
+    filename: ./sapcon/logs/ABAPCRLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15             
+  file_ABAPTableDataLog:
+    class : logging.handlers.RotatingFileHandler
+    formatter: detailed
+    level   : WARNING
+    filename: ./sapcon/logs/ABAPTableDataLog.log
+    maxBytes: 10485760 #10MB 10*1024*1024
+    backupCount: 15                          
+
+loggers: 
+  API:    
+    level   : INFO
+    handlers: [console, file_API]
+  RFC:    
+    level   : WARNING
+    handlers: [console, file_RFC]
+  DeltaManager:
+    level   : WARNING
+    handlers: [console, file_LogsDeltaMananger]
+  Persistence:
+    level   : WARNING
+    handlers: [console, file_PersistenceMananger]    
+  SysAdmin:
+    level   : INFO
+    handlers: [console, file_SysAdmin]
+  ABAPAuditLog:
+    level   : INFO
+    handlers: [console, file_ABAPAuditLog]
+  ABAPJobLog:
+    level   : INFO
+    handlers: [console, file_ABAPJobLog]    
+  ABAPSpoolLog:
+    level   : INFO
+    handlers: [console, file_ABAPSpoolLog]    
+  ABAPSpoolOutputLog:
+    level   : INFO
+    handlers: [console, file_ABAPSpoolOutputLog]        
+  ABAPChangeDocsLog:
+    level   : INFO
+    handlers: [console, file_ABAPChangeDocsLog]        
+  ABAPAppLog:
+    level   : INFO
+    handlers: [console, file_ABAPAppLog]            
+  ABAPWorkflowLog:
+    level   : INFO
+    handlers: [console, file_ABAPWorkflowLog]              
+  ABAPCRLog:
+    level   : INFO
+    handlers: [console, file_ABAPCRLog]              
+  ABAPTableDataLog:
+    level   : WARNING
+    handlers: [console, file_ABAPTableDataLog]                      

Solutions/SAP/template/systemconfig-kickstart.ini

@@ -0,0 +1,59 @@
+[Secrets Source]
+secrets = AZURE_KEY_VAULT
+keyvault = <SET_YOUR_AZURE_KEYVAULT>
+intprefix = <SET_YOUR_PREFIX>
+
+[ABAP Central Instance]
+##############################################################
+# Please fill required value according to server configuration
+ashost = <SET_YOUR_APPLICATION_SERVER_HOST>
+#mshost = <SET_YOUR_MESSAGE_SERVER_HOST> - #In case different then App
+##############################################################
+#group = <SET_YOUR_LOGON_GROUP>
+#msserv = <SET_YOUR_MS_SERVICE> - # is needed only, if the service of the message server is not defined as sapms<SYSID> in /etc/services
+sysnr = <SET_YOUR_SYS_NUMBER>
+#user = <SET_YOUR_USER>
+##############################################################
+# Please fill Password OR SNC Parameters for X509
+#passwd = <SET_YOUR_PASSWORD>
+#snc_partnername = <SET_YOUR_SNC_PARTNER_NAME>
+#snc_lib = <SET_YOUR_SNC_LIBRARY_PATH>
+#x509cert = <SET_YOUR_X509_CERTIFICATE>
+##############################################################
+sysid = <SET_YOUR_SYSTEM_ID>
+client = <SET_YOUR_CLIENT>
+
+[Azure Credentials]
+
+
+[File Extraction ABAP]
+
+
+[File Extraction JAVA]
+
+[Logs Activation Status]
+# ABAP RFC Logs - Retrieved by using RFC interface
+ABAPAuditLog = True
+ABAPJobLog = True
+ABAPSpoolLog = True
+ABAPSpoolOutputLog = True
+ABAPChangeDocsLog = True
+ABAPAppLog = True
+ABAPWorkflowLog = True
+ABAPCRLog = True
+ABAPTableDataLog = False
+# ABAP SAP Control Logs - Retrieved by using SAP Conntrol interface and OS Login
+ABAPFilesLogs = False
+SysLog = False
+ICM = False
+WP = False
+GW = False
+# Java SAP Control Logs - Retrieved by using SAP Conntrol interface and OS Login
+JAVAFilesLogs = False
+
+[Connector Configuration]
+extractuseremail = True
+apiretry = True
+auditlogforcexal = False
+auditlogforcelegacyfiles = False
+timechunk = 60

Solutions/SAP/template/systemconfig.ini

@@ -0,0 +1,73 @@
+[Secrets Source]
+secrets = <DOCKER_RUNTIME/AZURE_KEY_VAULT/DOCKER_SECRETS/DOCKER_FIXED>
+keyvault = <SET_YOUR_AZURE_KEYVAULT>
+intprefix = <SET_YOUR_PREFIX>
+
+[ABAP Central Instance]
+##############################################################
+# Please fill required value according to server configuration
+ashost = <SET_YOUR_APPLICATION_SERVER_HOST>
+mshost = <SET_YOUR_MESSAGE_SERVER_HOST> - #In case different then App
+##############################################################
+group = <SET_YOUR_LOGON_GROUP>
+msserv = <SET_YOUR_MS_SERVICE> - # is needed only, if the service of the message server is not defined as sapms<SYSID> in /etc/services
+sysnr = <SET_YOUR_SYS_NUMBER>
+user = <SET_YOUR_USER>
+##############################################################
+# Please fill Password OR SNC Parameters for X509
+passwd = <SET_YOUR_PASSWORD>
+#snc_partnername = <SET_YOUR_SNC_PARTNER_NAME>
+#snc_lib = <SET_YOUR_SNC_LIBRARY_PATH>
+#x509cert = <SET_YOUR_X509_CERTIFICATE>
+##############################################################
+sysid = <SET_YOUR_SYSTEM_ID>
+client = <SET_YOUR_CLIENT>
+
+[Azure Credentials]
+loganalyticswsid = <SET_YOUR_SENTINEL_ENABLED_LOG_ANALYTICS_WORKSPACE_ID>
+publickey = <SET_YOUR_PUBLIC_KEY>
+
+[File Extraction ABAP]
+osuser = <SET_YOUR_SAPADM_LIKE_USER>
+ospasswd = <SET_YOUR_SAPADM_PASS>
+appserver = <SET_YOUR_SAPCTRL_SERVER>
+instance = <SET_YOUR_SAP_INSTANCE>
+x509pkicert = <SET_YOUR_X509_PKI_CERTIFICATE>
+abapseverity = <SET_ABAP_SEVERITY>
+abaptz = <SET_ABAP_TZ>
+
+[File Extraction JAVA]
+javaosuser = <SET_YOUR_JAVAADM_LIKE_USER>
+javaospasswd = <SET_YOUR_JAVAADM_PASS>
+javaappserver = <SET_YOUR_JAVA_SAPCTRL_SERVER>
+javainstance = <SET_YOUR_JAVA_SAP_INSTANCE>
+javax509pkicert = <SET_YOUR_X509_PKI_CERTIFICATE>
+javaseverity = <SET_JAVA_SEVERITY>
+javatz = <SET_JAVA_TZ>
+
+[Logs Activation Status]
+# ABAP RFC Logs - Retrieved by using RFC interface
+ABAPAuditLog = True
+ABAPJobLog = True
+ABAPSpoolLog = True
+ABAPSpoolOutputLog = True
+ABAPChangeDocsLog = True
+ABAPAppLog = True
+ABAPWorkflowLog = True
+ABAPCRLog = True
+ABAPTableDataLog = False
+# ABAP SAP Control Logs - Retrieved by using SAP Conntrol interface and OS Login
+ABAPFilesLogs = False
+SysLog = False
+ICM = False
+WP = False
+GW = False
+# Java SAP Control Logs - Retrieved by using SAP Conntrol interface and OS Login
+JAVAFilesLogs = False
+
+[Connector Configuration]
+extractuseremail = True
+apiretry = True
+auditlogforcexal = False
+auditlogforcelegacyfiles = False
+timechunk = 60