SAP BTP Audit Log

SAP BTP Audit Lg

The Business Technology Platform is the further development of the former SAP Cloud Platform. Behind the abbreviation, BTP hides the meaningful term Business Technology Platform. On the product page SAP advertises the following: SAP BTP combines data management, analytics, artificial intelligence, application development, automation, and integration in a unified environment.  

The new SAP technology allows a lot of flexibility and offers a well-structured BTP audit log in the security domain. As an SAP security solution provider, we took a closer look at it and integrated the BTP audit log into our monitoring portfolio. 

What is SAP BTP?

The SAP Business Technology Platform (SAP BTP) is a cloud platform on which companies can use numerous services and functions – both existing services from SAP and other providers, as well as custom developments. Divided into four principal areas: Database and Data Management, Analytics, Application Development, and Integration and Intelligence Tech, it advertises maximum flexibility and easy integration into the existing SAP product portfolio.

SAP BTP Audit Log

You should start with the concept of “environments” to delve a little deeper into the SAP Business Technology Platform. Environments form the actual Platform-as-a-Service offering of SAP BTP, enabling the development and management of business applications. Environments are anchored in SAP BTP at the subaccount level. The Cloud Foundry, ABAP, Kyma, and the Neo Environments exist. Follow this link to find more details on the subject in the SAP Help Portal.

What is the SAP BTP Audit Log?

Audit logs are a special type of logs. They represent security-relevant chronological records that provide documentary evidence for an event or activity that delivers information about e.g., User login to SAP BTP. The SAP BTP Audit Log Service stores audit logs representing different actions taken over your account and (or) data. There are predefined audit categories for data protection & privacy next to security-relevant events. All entries of the SAP BTP Audit log are grouped into the following areas: 

  • Identity provider management 
  • Instance management 
  • Role collection management 
  • Role management 
  • SAML authentication 

Further information can be found in
Audit Logging in the Cloud Foundry Environment 

SAP BTP Audit Log Viewer service

The SAP Audit Log service is a platform service that stores all the audit logs written on your behalf by other platform services that you use. It allows you to retrieve the audit logs for your subaccount via the audit log retrieval API or view them using the SAP Audit Log Viewer Service.  


The SecurityBridge Platform makes it easy for SAP customers to keep track of security-related activities with its threat detection capabilities. Especially with the new SAP BTP Audit Log, customers are confronted with an entirely new challenge. A new message format and new categorization are waiting, bringing new use cases. Customers now need to think about which of these security use cases needs to be incorporated into active monitoring (e.g., SAP SOC/SIEM). In addition to this practical obstacle, there are several technical questions to be answered:  

  • How can the data be accessed? 
  •  What needs to be decoded? How can the new format be brought into a uniform message structure? 
  • What are the error cases? What must be done if the log is no longer readable? 
  • Which SAP BTP tenants exist in the company at all?

When you read the last point, you may be crying out mentally, but actually, the tenants’ determination creates a challenge for many enterprises. As with many cloud solutions, it is easy to apply for a new tenant with SAP BTP. If there is an active connection to the on-premises SAP application, this is traceable. However, if the SAP BTP tenant exists on its own, things get a bit more complicated. 

Where can I find SAP BTP Audit Log information sources?

In conclusion, we would like to point out a few informative references that played a role in the context of this article. Perhaps one or more readers will find the links helpful. If you do not want to miss any helpful posts and want to stay up to date with SAP Cybersecurity, follow our LinkedIn page. 

Posted by

Christoph Nagy
Share on linkedin
Share on twitter
Share on email
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SecurityBridge joins NTT Data’s Cybersecurity for SAP Webinar

Whether your business critical SAP landscape is traditional on-prem, in one or more clouds, or even the latest RISE with SAP, you are accountable for ensuring it is secured against rapidly increasing cyber threats. Join this webinar to learn why SAP application security is critical and how you can stay in control and protect your business.

Meet us at SAPINSIDER 2022 – in Las Vegas

June 19-21, 2022 the US team of SecurityBridge will be at the SAPinsider Event in Las Vegas. You will find our booth in the Cybersecurity area.
SAP security Patch day
August 9, 2022, is the time for the SAP Security Patch Day, this time in parallel to the black 2022 cyber security conference, the SAP Response team has released 7 patches this Tuesday.
SAP Security Solutions
Security News
The application security market is obscure and holds one or two surprises for those looking for an SAP security solution. Cybersecurity solutions for SAP help customers understand the ever-growing threat landscape and protect themselves effectively. In this article, we would like to discuss some points you should focus on when looking for a security solution for SAP.
SAP Debugger
The SAP Debugger, also known as the ABAP Debugger, is one of the most important development tools offered by SAP. An ABAP developer or a technical SAP consultant uses it to analyze problems or to simulate program flows. Usually, the debugger is simply used to understand a certain behavior in SAP ERP and to identify or understand customizing options.
cbs and securitybridge for SAP
cbs Corporate Business Solutions, a premium management consultancy, and cloud services provider with a focus on the manufacturing industry, and SecurityBridge, the leading provider of an SAP Security platform solution, have announced a partnership to meet the growing demand for comprehensive and reliable service offerings in the field of SAP Security for international SAP clients.