From 234e9223c3b8f3d1c30209d9663797ba69057533 Mon Sep 17 00:00:00 2001 From: Chronicle Team Date: Tue, 26 May 2026 10:33:55 -0700 Subject: [PATCH] No public description PiperOrigin-RevId: 921549644 --- rules/community/sap/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rules/community/sap/README.md b/rules/community/sap/README.md index 86312a7..a4fd1f9 100644 --- a/rules/community/sap/README.md +++ b/rules/community/sap/README.md @@ -128,4 +128,10 @@ credentials, or PII. | Category | Requirement | | :--- | :--- | | **Case Sensitivity** | All entries must be in **UPPERCASE**. SAP logs store User IDs, Roles, and Programs in uppercase; lowercase entries will result in missed detections. | -| **Maintenance** | Lists should be reviewed quarterly or following any major SAP transport cycle where new `Z` programs or roles are introduced. | \ No newline at end of file +| **Maintenance** | Lists should be reviewed quarterly or following any major SAP transport cycle where new `Z` programs or roles are introduced. | + +[!WARNING] + **Test Before Deploying:** These SAP community detection rules serve as + foundational templates. Because every SAP environment is unique, you should + thoroughly test all rules against historical data and modify their logic as + needed to match your specific logging structures and security use cases.