Edit

Update Microsoft Sentinel's SAP data connector agent

  • Article

This article shows you how to update an already existing Microsoft Sentinel for SAP data connector to its latest version.

To get the latest features, you can enable automatic updates for the SAP data connector agent, or manually update the agent.

The automatic or manual updates described in this article are relevant to the SAP connector agent only, and not to the Microsoft Sentinel solution for SAP. To successfully update the solution, your agent needs to be up to date. The solution is updated separately.

Prerequisites

Before you start, make sure that you have all the prerequisites for deploying Microsoft Sentinel solution for SAP applications.

For more information, see Prerequisites for deploying Microsoft Sentinel solution for SAP® applications.

Automatically update the SAP data connector agent (Preview)

You can choose to enable automatic updates for the connector agent on all existing containers or a specific container.

Important

Automatically updating the SAP data connector agent is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Enable automatic updates on all existing containers

To enable automatic updates on all existing containers (all containers with a connected SAP agent), run the following command on the collector machine:

wget -O sapcon-sentinel-auto-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-sentinel-auto-update.sh && bash ./sapcon-sentinel-auto-update.sh

The command creates a cron job that runs daily and checks for updates. If the job detects a new version of the agent, it updates the agent on all containers that exist when you run the command above. If a container is running a Preview version that is newer than the latest version (the version that the job installs), the job doesn't update that container.

If you add containers after you run the cron job, the new containers aren't updated automatically. To update these containers, in the /opt/sapcon/[SID or Agent GUID]/settings.json file, define the auto_update parameter for each of the containers as true.

The logs for this update are under var/log/sapcon-sentinel-register-autoupdate.log/.

Enable automatic updates on a specific container

To enable automatic updates on a specific container or containers, run the following command:

wget -O sapcon-sentinel-auto-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-sentinel-auto-update.sh && bash ./sapcon-sentinel-auto-update.sh --containername <containername> [--containername <containername>]...

The logs for this update are under /var/log/sapcon-sentinel-register-autoupdate.log.

Disable automatic updates

To disable automatic updates for a container or containers, define the auto_update parameter for each of the containers as false.

Manually update SAP data connector agent

To manually update the connector agent, make sure that you have the most recent versions of the relevant deployment scripts from the Microsoft Sentinel GitHub repository.

Run:

wget -O sapcon-instance-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-instance-update.sh && bash ./sapcon-instance-update.sh

The SAP data connector Docker container on your machine is updated.

Be sure to check for any other available updates, such as:

Next steps

Learn more about the Microsoft Sentinel solution for SAP® applications:

Troubleshooting:

Reference files:

For more information, see Microsoft Sentinel solutions.