Live Online Training
Identify and Neutralize the Bad Guys – An Introduction to Security Operations for Enterprise IT Environments Using SAP Technology

This online training is designed for SAP technology experts and security professionals looking to improve their incident detection and response skills within their SAP Landscape. You will learn about the MITRE Attack framework as a tool for realistic attack simulation and response, including the triage process when addressing prioritized alarms or events. This includes how to analyze and filter network traffic information, identify suspicious patterns in network traffic, and understand the general terms and concepts of a security incident and event management. As a bonus, we will address typical security event sources for SAP systems and how to query them. Upon completion, you will be able to determine applicable deception and active countermeasures tactics for common adversary scenarios and recognize different security event sources across the OSI layer. The best part is you will be learning with a live instructor, which means you get the opportunity to pose questions along the way, receive direct feedback, and participate in an ‘ask-anything’ session to reinforce your knowledge. If you are ready to get ‘great’ at detecting the bad guys quickly and responding properly - this class is for you!

8 hours

Live instructor


Maximum 14 Learners

Language Options

English or German


 Certificate Upon Completion


€ 800
per Learner

Who’s a Good Fit

 SAP Basis Administrators
 SAP Security Consultant
 SOC Analysts
 Blue Teamers

A Taste of What You Will Learn:

  • Learn the MITRE Attack framework as a mid-level approach to attack simulation and response
  • Understand the triage process when addressing prioritized alarms or events
  • Learn how to determine applicable operation techniques for simple adversary scenarios and describe different security event sources across the OSI layer
  • Learn how to analyze and filter network traffic information and identify suspicious patterns in network traffic
  • Understand the general terms and concepts of a security incident and event management
  • Determine and implement simple correlations of security events, including alert thresholds based on examples

  • Learn typical security event sources for SAP applications and infrastructure and how to access them

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Operations Line of Defense

  • SAP Basis Administrator
  • SAP Security Consultant

Information Security Line of Defense

  • Blue Teamers
  • SOC Analysts

Who Else Might Be A Good Fit

If you have a traditional ABAP® development background and are just beginning with Javascript this course is a great fit to help you understand JavaScript and CDS Views from a security point of view and enhance your capability to develop secure apps

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title Work Role ID
SAP Cyber Defense Analyst PR-CDA-001
SAP Cyber Defense Incident Responder PR-CIR-001


  • You know the network OSI model
  • You know the common traits of the TCP protocol
  • You know the different kind of network devices and their use in an IP-based network
  • You can describe confidentiality, integrity, and availability principles


  • You're familiar with common network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • You know common controls related to the use, processing, storage, and transmission of data in a network such as firewalls, reverse proxies, and authentication.
  • You can perform simple conversions of data formats and encodings


  • You're familiar with the concepts of network flow analysis
  • You're know approaches to analysis application logs
  • Fundamental knowledge about SAP core technologies such as NetWeaver and HANA

SAP Security Training Overview

Number of Modules: 8
Duration: 2 days, 8 hours total, (Day 1, 9:00 – 13:00, Day 2, 9:00 - 13:00)
Class size: 7-14 participants per class
Investment: €800 per person (excluding taxes)
Software Version: Unrestricted
Instructor: Marco Hammel
Modules Covered in Training:
  • Fundamentals of Cyber-Attack Kill Chain
  • Fundamentals of Security Operations Methods and Approaches
  • Fundamentals of Network Traffic Analysis
  • Overview of Security Event Analysis Concepts and Terms
  • Fundamentals of Security Event Analysis
  • Fundamentals of network intrusion detection for SAP
  • Fundamentals of security incident network containment
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.


For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© landscape consisting of two stages. You can access to environment by a virtual desktop system with all necessary tools preinstalled

In Addition You Will Need:

A HTML5 ready browser preferably Edge, Chrome, Firefox(optional) Zoom