What this integration is
This integration collects audit events from SAP Customer Data Cloud (Gigya) and forwards them into your SOCFortress SIEM stack. It may also support higher-level detections such as:- multiple logins detection
- suspicious login detection
Credentials you’ll need
- API Key
- User Key
- Secret Key
- API Domain (site domain)
CoPilot setup (recommended workflow)
- Provision the customer.
- Add the SAP SIEM integration under the customer.
- Provide the API key/user key/secret and domain.
- Validate events arrive and are searchable.
Success criteria
- Audit events appear for the expected tenant
- Optional detections (if enabled) mark/analyze events as expected
Troubleshooting
- Confirm you are using the correct domain/region for your SAP tenant.
- Confirm the secret is the one associated with the userKey.
- Ensure HTTPS is used when required by the auth method.