Find the needle in the data haystack.

Intrusion Detection System for SAP©

SecurityBridge Event Details

Keep your business Data protected


Detects & Reports exploits in real-time 24/7.

Recently, a major milestone has been reached. We announced Version 3 of SecurityBridge, including a set of new features:

  • Simplified SIEM connectivity. Seamlessly connect SAP with Splunk, ArcSight, LogRhythm and QRadar
  • SAP Fiori® Apps for Monitoring and Investigation
  • An event timeline feature which simplifies investigations
  • Security incident creation via Drag and Drop
  • Enhanced filter and whitelist configuration options
  • An updated standard configuration catalogue for 70+ listeners, covering hundreds of identification patterns and signatures
  • Rule-based Response Framework
  • Real-time Code Vulnerability Scanner

SecurityBridge has become the most innovative and complete security solution on the market for organizations running SAP©. The threat potential against market leaders like SAP SE© should not be underestimated.

Conclusion: Time to Act Now


Install & Run


SB resides within the ABAP stack, no additional hardware required. It comes preconfigured with hundreds of SAP-specific attack and vulnerability detection patterns. Once unboxed, SB is easily activated and put into production, without lengthy implementation phase. 


Smart Data


SB not only evaluates the SAP Security Audit Log, it continuously scans and correlates all log sources which may impact the security posture of your system. Machine intelligence is applied to alert on critical events and discard the false positives.


Frequently Updated


SB is updated continuously based on ABAP-Experts internal research and latest SAP security publications. SB customers are always able to use the latest features and run the most recent SAP threat detection signatures. 

How it works

Architecture Simple but effective

SecurityBridge works with a centralized architecture, using a SecurityBridge Controller (SBC) that connects to the SecurityBridge Agents (SBA).

Real-time SAP threat detection works like this:

  • Once SBC starts the Intrusion Detection Scanner (IDS) on one, or all agents, the IDS runs continuously. It tests the available log sources within the SAP instance for SAP-specific attack patterns and zero-day vulnerabilities.
  • Events are created by the SecurityBridge correlation engine, which also applies user behaviour analysis. False positives can be eliminated using filter settings, which are configured directly on the SBC, and are distributed to the Agents with a single click.
    The result is a high quality and accurate threat assessment that continues 24/7.
  • The product can be installed on any SAP® NetWeaver ABAP Stack-based system and is shipped within its own namespace. SB also supports SAP HANA and runs on-premise or within cloud environments i.e. SAP HANA Cloud (HEC), or Amazon Web Services (AWS).


To start with SecurityBridge and SAP Security Monitoring, no additional hardware is needed! The IDS operates seamlessly, 24/7, unnoticed by your business and with no measurable performance impact on your system.