HANA Audit Log Disabled
Discover how DefenceMore OCA for SAP detects and prevents unauthorized disabling of HANA Database audit logs.
Case Study #018.01
Scenario
A malicious user with direct access to the HANA Database has disabled the HANA DB AUDIT LOG mechanism, preventing the generation of logs.
Impact
Disabling the HANA Audit Logs will prevent retrospective security queries and auditing, making it difficult to track and investigate suspicious activities.
DefenceMore OCA Capabilities
Defencemore OCA's H001 control checks the global_auditing_state parameter. If this parameter is inactive, an incident is created. Additionally, H004 tracks and displays changes made to system parameters on the HANA DB.
Related Checks
- H001 HANA Audit Log Param Check
- H004 HANA System Parameter Change Logs