Using ERP Data For Quick Incident Response

    Several ERP incidents take a long time to investigate and resolve. When staff face significant challenges in resolving incidents in a timely manner, it is difficult to offer exemplary customer support to the business lines.

    There are three big barriers to the timely resolution of ERP incidents.

    1: Legacy ERP Logs Can’t Inform You About Data Access

    Most people who use an ERP program such as PeopleSoft do not know who does what, who accesses what data, or, most importantly, why. In an incident, you first need to find out whether this is something the user did or whether hackers were able to gain access to the device. You also need to figure out whether this is an internal job or an external attack.

    While the logs can point you in the right direction, legacy ERP logs are, in most cases, not meant to provide accurate details on who accessed or even viewed anything confidential. This leads to the second hurdle.

    2: Disparate ERP Logs

    ERP logs are meant for troubleshooting, not for recording granular activity. As a result, companies and business divisions cannot tell what their workers are doing within the applications. Here is an example of the native logs you could find in a PeopleSoft environment:

    1. App Server
    2. PIA (Web Server)
    3. Process Scheduler
    4. Database
    5. Identity Provider (SAML, LDAP, ADFS)
    6. Load Balancer
    7. Firewall
    8. Host O/S Logs

    Your company may well have more than one of each server where these logs live. You could have four application servers, eight web servers, and so on. You are now looking for a needle in several haystacks. And because there is no correlation between that data, there is little relative context to support your investigation.

    Here is an example using the App Server and Web Server logs. On the Web Server, you do not know the OPRID, so you cannot identify the person who signed in. An IP address and a timestamp are all you have. You need to go to the App Server, check the OPRID, timestamp, and IP address of each login or logout, and attempt to match that information against the corresponding Web Server entries.
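
    The App Server to Web Server matching described above, as an added example (not code from the original article or from PeopleSoft). The log line formats, OPRIDs, IP addresses, paths and the 5-second clock-skew tolerance are constructed assumptions; real logs need their own parsers.

```python
import re
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample lines in a simplified format (not real PeopleSoft log syntax).
APP_LOG = """\
2024-03-05 09:00:12 LOGIN OPRID=JSMITH IP=10.1.4.22
2024-03-05 09:02:30 LOGIN OPRID=MLEE IP=10.1.7.80
2024-03-05 09:20:05 LOGOUT OPRID=JSMITH IP=10.1.4.22
2024-03-05 09:25:00 LOGIN OPRID=AKHAN IP=10.1.7.80
"""
WEB_LOG = """\
10.1.4.22 2024-03-05 09:03:41 GET /page/payroll
10.1.7.80 2024-03-05 09:30:10 GET /page/vendors
10.1.9.9 2024-03-05 09:31:00 GET /page/payroll
10.1.4.22 2024-03-05 09:20:07 GET /page/home
"""

def build_sessions(app_log):
    """Pair LOGIN/LOGOUT events into (oprid, ip, start, end); end is None if open."""
    sessions, open_ = [], {}
    for line in app_log.splitlines():
        m = re.match(r"(\S+ \S+) (LOGIN|LOGOUT) OPRID=(\S+) IP=(\S+)", line)
        if not m:
            continue  # skip lines that are not sign-in/sign-out events
        ts, event, oprid, ip = datetime.strptime(m[1], FMT), m[2], m[3], m[4]
        if event == "LOGIN":
            open_[(oprid, ip)] = ts
        elif (oprid, ip) in open_:
            sessions.append((oprid, ip, open_.pop((oprid, ip)), ts))
    sessions += [(o, ip, start, None) for (o, ip), start in open_.items()]
    return sessions

def attribute(web_log, sessions, skew=timedelta(seconds=5)):
    """Return (ip, timestamp, path, candidate OPRIDs) for every web request."""
    out = []
    for line in web_log.splitlines():
        ip, day, clock, _method, path = line.split()
        ts = datetime.strptime(f"{day} {clock}", FMT)
        users = sorted({o for o, sip, start, end in sessions
                        if sip == ip and start - skew <= ts
                        and (end is None or ts <= end + skew)})
        out.append((ip, ts.strftime(FMT), path, users))
    return out

if __name__ == "__main__":
    for ip, ts, path, users in attribute(WEB_LOG, build_sessions(APP_LOG)):
        verdict = users[0] if len(users) == 1 else ("AMBIGUOUS" if users else "UNATTRIBUTED")
        print(ts, ip, path, verdict, users)
```

    Requests with more than one candidate OPRID (two sessions open on the same IP address) or with none are reported as unresolved instead of being guessed.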

    3: Log Data Lacks Context

    Once the team has gathered data from the logs and other sources and assembled the information, the final step is to analyze it and make a best guess so that an action item can be created. If you are unable to put your data into a human context, how actionable is a list of raw data such as IP addresses, user IDs, computer locations, completed transactions, etc.?


    To give the company an understanding of what happened with its ERP data, simple, actionable insight is required. Data security and analytics solutions are available that log granular data access for users, compare current ERP logs, enrich data with contextual attributes (who, where, when, what device, etc.), and show access and usage of ERP data on dashboards. Your team can then easily look at data access by IP address, user ID, computer location, pages accessed, etc., and understand the truth behind an incident very quickly.

    Without context, you lack perspective. Context provides actionable insight into data access and use. Actionable insight supports the business and provides value for key stakeholders.
