Update the Microsoft Sentinel for SAP applications data connector agent

Article
12/17/2024

This article shows you how to update an already existing Microsoft Sentinel for SAP data connector to its latest version so that you can use the latest features and improvements.

During the data connector agent update process, there might be a brief downtime of approximately 10 seconds. To ensure data integrity, a database entry stores the timestamp of the last fetched log. After the update is complete, the data fetching process resumes from the last log fetched, preventing duplicates and ensuring a seamless data flow.

The automatic or manual updates described in this article are relevant to the SAP connector agent only, and not to the Microsoft Sentinel solution for SAP applications. To successfully update the solution, your agent needs to be up to date. The solution is updated separately, as you would any other Microsoft Sentinel solution.

Content in this article is relevant for your security, infrastructure, and SAP BASIS teams.

Prerequisites

Before you start:

Make sure that you have all the prerequisites for deploying Microsoft Sentinel solution for SAP applications. For more information, see Prerequisites for deploying Microsoft Sentinel solution for SAP applications.
Make sure that you understand your SAP and Microsoft Sentinel environments and architecture, including the machines where your connector agents and collectors are installed.

Configure automatic updates for the SAP data connector agent (Preview)

Configure automatic updates for the connector agent, either for all existing containers or a specific container.

The commands described in this section create a cron job that runs daily, checks for updates, and updates the agent to the latest GA version. Containers running a preview version of the agent that's newer than the latest GA version aren't updated. Log files for automatic updates are located on the collector machine, at /var/log/sapcon-sentinel-register-autoupdate.log.

After you configure automatic updates for an agent once, it's always configured for automatic updates.

Important

Automatically updating the SAP data connector agent is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Configure automatic updates for all existing containers

To turn on automatic updates for all existing containers with a connected SAP agent, run the following command on the collector machine:

wget -O sapcon-sentinel-auto-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-sentinel-auto-update.sh && bash ./sapcon-sentinel-auto-update.sh

If you're working with multiple containers, the cron job updates the agent on all containers that existed at the time when you ran the original command. If you add containers after you create the initial cron job, the new containers aren't updated automatically. To update these containers, run an extra command to add them.

Configure automatic updates on a specific container

To configure automatic updates for a specific container or containers, such as if you added containers after running the original automation command, run the following command on the collector machine:

wget -O sapcon-sentinel-auto-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-sentinel-auto-update.sh && bash ./sapcon-sentinel-auto-update.sh --containername <containername> [--containername <containername>]...

Alternately, in the /opt/sapcon/[SID or Agent GUID]/settings.json file, define the auto_update parameter for each of the containers as true.

Turn off automatic updates

To turn off automatic updates for a container or containers, open the /opt/sapcon/[SID or Agent GUID]/settings.json file for editing and define the auto_update parameter for each of the containers as false.

Manually update SAP data connector agent

To manually update the connector agent, make sure that you have the most recent versions of the relevant deployment scripts from the Microsoft Sentinel GitHub repository.

For more information, see Microsoft Sentinel solution for SAP applications data connector agent update file reference.

On the data connector agent machine, run:

wget -O sapcon-instance-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-instance-update.sh && bash ./sapcon-instance-update.sh

The SAP data connector Docker container on your machine is updated.

Be sure to check for any other available updates, such as SAP change requests.

For more information, see: