Management overview

The Management overview is an UI5 report (also suited for devices like iPad and mobile) that enables you to see the security status of all your SAP systems in your SAP landscape and zoom in to the result of an individual check executed in a SAP system.

Basically this report has 3 different levels: Project, System, Check.

To use this report, execute the following 2 steps first:

1. Group your systems

To use the report, you must think of the way that you want to group the SAP systems.

For instance, do you want to see all your SAP systems in one single overview, or do you only want to have separate views of groups of SAP systems, for example: Sandbox, Development, Test and Production. You could also group on different SAP system types: like BW, ERP, CRM and PO.

2. Schedule Projects (each Project containing a group)

To create a group, schedule a Project containing the systems you have chosen. Examples:

choose all SAP systems
choose all Development SAP systems
choose all ERP type SAP systems

It is important to create all SAP system Scans in this Project using the same template. We recommend using the default template #1 (“all checks with default value”), so the results can be compared evenly across all SAP systems.

Schedule the Project to run repeatedly with a fixed period, for example 1 month.

Overview

After selecting the Landscape overview report from the Protect4S VM Menu, you will see view containing a list of Projects and an SAP Landscape menu:

The bar graph represents the number of SAP systems and their Risk value based on the latest run of the Project selected. By default, the most recent project run is selected, but in principle every Project shown in the list on the left can be selected.

In this case, we see a Project containing 6 Development systems. 4 Systems are classified as Medium Risk and 2 systems as having a Low Risk value.

Overview of systems

By selecting the Systems Icon in the Landscape menu, you will see the different SAP systems ID’s, their calculated Risk percentage (which is the percentage of failed checks) and the amount of checks executed for this given system.

History of a Project

It is also possible to show the Risk values of the systems within a project established in earlier project runs by selecting the History icon in the landscape menu:

In this example you can see the initial amount of SAP systems was 8 and the Risk values of most of the Development systems in this project used to be much higher. The Project run is shown on the left and the one-but-latest recent one is shown on the right.

Project information

The Project information menu option shows when the Project was run and how many System Scans this run contained:

It is possible to drill down deeper into the results per SAP system. To access the System menu, double-click on an SAP system shown in the Overview of systems:

You will now see the Scan result of the selected SAP system:

In this view you see the amount of checks executed during the last SAP system Scan and the distribution of Risk values. The green area represents the number of Checks that passed, and the other colors represent the failed Checks.

To see the individual Checks, that were executed and their result (pass or fail) plus Risk value, you select the Checks menu option:

By selecting the History icon, you can see the history of the Scan results for this SAP system:

Again, the oldest System Scan is shown on the left and the latest is shown on the right.

The System History view is used to see the development of Risk over time for a particular System. This example shows, that for this System, the total amount of Checks executed has increased and that the number of failed Checks has decreased slightly.

Scan information

The Scan information option shows the following information:

To enter the Checks menu, select the Check Menu for a given System and double-click on a Check:

You will then see a menu that provides more information on this Check:

The information shows whether the Check is client-dependent or independent, the Platform Layer, for which System type the check is valid and the type of vulnerability that the Check belongs to.