SecurityBridge provides
SAP Threat Detection

The most advanced technology that never sleeps

SecurityBridge Event Details



Detects & Reports exploits in real-time 24/7.

  • Instant SIEM connectivity. Seamlessly connect SAP with splunk,  ArcSight, LogRhythm, IBM QRadar, and Azure Sentinel
  • SAP Fiori® Apps for Monitoring and Investigation
  • An event timeline feature that simplifies investigations
  • Security incident creation via Drag and Drop
  • Enhanced filter and whitelist configuration options
  • An updated standard configuration catalog for 70+ listeners, covering hundreds of identification patterns and signatures
  • Rule-based Response Framework
  • Real-time Code Vulnerability Scanner

SecurityBridge is the most innovative and complete SAP threat detection solution available for organizations running SAP©. The threat potential against market leaders like SAP SE© is growing and becoming more sophisticated. Protect your business-critical applications with the most advanced technology.

SAP Threat Detection in a nutshell


Install & Run


SecurityBridge resides within the ABAP stack, no additional hardware required. It comes preconfigured with hundreds of SAP-specific attack and vulnerability detection patterns. Once unboxed, SecurityBridge is easily activated and put into production, without lengthy implementation phase. 


Smart Data


SecurityBridge not only evaluates the SAP Security Audit Log, it continuously scans and correlates all log sources which may impact the security posture of your system. Machine intelligence is applied to alert on critical events and discard the false positives.


Frequently Updated


SecurityBridge is updated continuously based on internal research and latest SAP security publications. SecurityBridge customers are always able to use the latest features and run the most recent SAP threat detection signatures. 

How it works

Architecture: simple but effective

SecurityBridge works with a centralized architecture, using a SecurityBridge Controller (SBC) that connects to the SecurityBridge Agents (SBA).

Real-time SAP threat detection works like this:

  • Once SBC starts the Intrusion Detection Scanner (IDS) on one, or all agents, the IDS runs continuously. It tests the available log sources within the SAP instance for SAP-specific attack patterns and zero-day vulnerabilities.
  • Events are created by the SecurityBridge correlation engine, which also applies user behavior analysis. False positives can be eliminated using filter settings, which are configured directly on the SBC, and are distributed to the Agents with a single click.
    The result is a high quality and accurate threat assessment that continues 24/7.
  • The product can be installed on any SAP® NetWeaver ABAP Stack-based system and is shipped within its own namespace. SB also supports SAP HANA and runs on-premise or within cloud environments i.e. SAP HANA Cloud (HEC), or Amazon Web Services (AWS).

No additional hardware is needed with SecurityBridge monitoring. The IDS operates seamlessly, 24/7. It is frictionless with no interference or performance impact on your systems.

Solution Brief - Threat Detection