Identify and Neutralize the Bad Guys

Live Online Training
Introduction to Security Operations for Enterprise IT Environments Using SAP Technology 

The training provides competencies on how in the aftermath of a security incident, can the learners systematically determine what happened, when and how, which systems and data are affected, whether the attacker still has access to the affected network and how to preserve evidence?


8 Modules

Live instructor:


Maximum 14

Access and Infrastructure


 Certificate Upon Completion

Training Dates

Day 1, 28.09.22
Day 2, 06.11.22 

Who’s a Good Fit

 SAP Cyber Defense Analyst

 SAP Cyber Defense Incident Responder

A Taste of What You Will Learn:

  • Understand adversaries' techniques enabling you to identify and stop attacks on a computer network.
  • Learn security incident strategies carried out by security event analysts allowing you to provide a structured approach to managing attack scenarios.
  • Learn simple and cost-effective measures to recognize legitimate network traffic, identify suspicious traffic patterns, and continuously monitor activities in the network.
  • Learn the concepts and frameworks that help you to understand the correlating events of a security incident and that enable you to triage it.
  • Learn to collect, normalise, and correlate event data from different sources to get a comprehensive understanding of the security incident.

  • Learn what you can do to detect living off-the-land approaches and protocol-specific attacks in an SAP network.
  • Learn what fundamental concepts must be considered when responding to an attack in an SAP landscape to contain the attach and minimize unintended side-effects.

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Security Training Overview

Number of Modules: 8
2 days, 9 hours total, lunch breaks included, (Day 1 8:30 - 16:30, Day 2 10:00-11:00 CET)
Class size: 7-14 participants per class
Software Version: Unrestricted
 Marco Hammel
 Waseem Ajrab

Modules Covered in Online Class
  • Fundamentals of Cyber-Attack Kill Chains.
  • Fundamentals of Security Operations Methods and Approaches
  • Fundamentals of Network Traffic Analysis
  • Overview of Security Event Analysis Concepts and Terms
  • Fundamentals of Security Event Analysis
  • Fundamentals of network intrusion detection for SAP
  • Fundamentals of security incident network containment
  • Ask me anything session with the trainer

 *NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.

NIST/NICE Cybersecurity Workforce Framework Work Roles
Work Role Title Work Role ID
SAP Cyber Defense Analyst PR-CDA-001
SAP Cyber Defense Incident Responder PR-CIR-001

Who Else Might Be A Good Fit

  • If you have a traditional background in SAP operations and database administration and want to get into cybersecurity this course is a great fit to help you expand your existing skills with a security point of view.

           The learner knows:

  • The network OSI model.
  • The TCP protocol and traits.
  • Different network devices and their use in an IP-based network.
  • Network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defence-in-depth).
  • Common controls related to the use, processing, storage, and transmission of data in a network such as firewalls, reverse proxies, and authentication.

 The Learner Can:

  • Perform simple conversions of data formats and encodings.
  • Describe confidentiality, integrity, and availability principles.

For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© system and different threat hunting and log correlation and search tools such as:
  • Zeek
  • Rita
  • ELK Stack and more ...

You can access to environment by a virtual desktop system with all necessary tools pre-installed.

In addition you will need:

HTML 5 ready Browser preferably Edge, Chrome, Firefox