Understand & Detect >
Attacker methods and Zero-Day exploits

Request Demo


Knows 250+ Attack Patterns.
Detect and react to breaches in real-time.

We use the capabilities of machine-based detection patterns, crawling through all relevant data sources. Numerous logs, ranging from the Security Audit Log to the System Log, and many other data sources must to be monitored to determine if your system has been exploited.

SecurityBridge for SAP©, automatically utilizes all this information to add context to security events. As result, such events can be read and evaluated by Security Analysts, event without expert SAP knowledge.


Sample Use Cases

The SecurityBridge Intrusion Detection System for SAP Netweaver© will start providing value immediately after the installation. It comes preconfigured with detection signatures for SAP specific attacks and compliance violations.



  • Unauthorized user assigned a critical account authorisation
  • DoS attack scripts locking various user accounts
  • Identity theft and login from the attacker’s terminal
  • SQL-injection attack accessing unauthorised areas or protected data
  • Learn more about SecurtyBridge - Listeners




  • Insecure or non-compliant security configuration detected
  • Detect cover-up activity within the User Master and Authorisation Management
  • Emergency & Admin account abuse for Job Management, Remote Connections, and more
  • SAP® Security Audit Log deactivated




  • Gain an understanding of your Attack Surface through a user-friendly Risk Score
  • Evaluate & report on changes to your security configuration
  • A system configuration has been set to insecure setting
  • Usage of critical roles, and generic user accounts i.e. DDIC, SAP*
  • Malicious transport request is imported


Listener Description Patterns
1000 Failed logins of unknown account 1
1001 SAP System Changemode altered 1
1002 Parallel logins of account 1
1003 Failed login attemps by threshold 1
1004 Failed logins, multiple accounts from same terminal 1
1005 User account change and cover-up identification 15
1006 Assignment of critical authorisation and cover-up identification 20+
1007 Profile parameter changes 7+
1008 Dynamic switchable system parameter changes 2+
1009 Tracking of debug actions 6
1010 RFC destination altering 4
1011 Critical user login 30+
1012 Client setting adjustments 6
1013 Authorisation assignment to own account 1
1014 Critical transactions and programs 30+
1015 Critical remote function calls 30+
1016 Security Audit log adjustments 1
[...] [...] [...]
1061 Critical data extractions 25+
1064 Access to password hashes 1
1066 ABAP Code vulnerabily scan 25+
[and more] [...] [...]

Request a live demo
Eliminate cybersecurity threats within days, with real-time intelligence.


Call us or contact us today.

By submitting the form, you acknowledge that you have read and agreed to our Privacy Policy .



Europe (Headquarters)
 Phone: +49 911 4902 1918
 Münchenerstr. 49, 85051 Ingolstadt, Germany

United States
 Phone: +1 416 821 0850