Splunk: The “data-to-everything” platform, including SAP

December 08, 2020
Written by Nick Hills

Nick is an experienced Splunk-Certified Architect and accomplished solutions architect with experience of designing global, scalable and high performance compliance and security incident monitoring solutions, both on-premise and in the cloud.



In the latest Gartner Magic Quadrant report, Splunk has been named a leader in the SIEM industry for the seventh time in a row. In this blog, we look at

What is SIEM?

In layman’s terms, SIEM stands for Security Information and Event Management. SIEM focuses on real-time log and event data, and automatically categorises threats and risks by leveraging machine learning and predictive analytics to assist organisations in detecting attacks or data breaches as quickly as possible.

There are several options available when you need a SIEM solution, and Gartner has a Magic Quadrant report which explores the different options.



Splunk is the industry leader for SIEM, and their focus is to turn data into an actionable commodity. Their portfolio includes three products that focus on Security (and therefore SIEM): Splunk Enterprise Security (ES), Splunk User Behaviour Analytics (UBA) and Splunk Phantom (a “SOAR” add-on).


  • Splunk’s Enterprise Security offers organisations the ability to get complete visibility over the security risks in their landscape. The aim is to combat security threats with rapid operationalisation, and turn the data into knowledge to enable the right team to respond with maximum impact. Splunk Enterprise Security gives an analytics-driven approach to proactively mitigate risk.

  • Splunk UBA is an additional layer that provides machine learning to detect unknown threats and anomalous behaviour.

  • Phantom provides Security Orchestration, Automation, and Response (SOAR) capabilities, and is designed to provide automated remediation and mitigation of security incidents.

What is the connection between Splunk and SAP?

Full visibility into security threats depends on full visibility into all of your IT systems. SAP has traditionally been something of a black box in terms of integration with external systems, which has made it a challenge for operational and security teams to understand the real-time status of the components of an ERP system.

EPI-USE Labs has solved this challenge by developing a connector for Splunk called Cenoti.

What is Cenoti?


Cenoti is a combination of a certified SAP Application and Splunk-certified Apps that allows organisations to extract data from SAP systems and deliver it into a Splunk environment for use in several ways:


  • Via the Cenoti dashboards, reports and alerts in the Cenoti Application (for Splunk Core)

  • Via out-of-the-box integration into Splunk Enterprise Security (Splunk ES), which delivers numerous security use cases, correlation searches, enriching exports for assets and identities, and custom visualizations including swimlanes, key panel indicators and glass tables.

  • Via a simple setup procedure that quickly integrates SAP operational data into Splunk IT Service Intelligence (Splunk ITSI), including service templates, KPI base searches, automatic discovery and glass tables.
