AppsMas: Onapsis Platform 2022 Highlights

SAP is the world’s largest provider of enterprise application software. SAP customers generate 87% of total global commerce ($46 trillion) and 99 of the 100 largest companies in the world are SAP customers. 

Looking at the SAP Corporate Fact Sheet, the following stats really jump out:

  • SAP customers generate 87% of total global commerce ($46 trillion)
  • 99 of the 100 largest companies in the world are SAP customers.

Oracle has equally impressive stats when it comes to the global reach of their applications:

  • 430,000 customers in 175 countries
  • 20,000 partners across the globe

It could be argued that it is in the world’s best interests that these systems be secured. But writing software to help secure these business critical applications is not something that is done easily or once. This is Onapsis’s core mission and what we aim to do each year.

As a product manager at Onapsis, I know how important it is to hear directly from the security and BASIS teams at these enterprises and understand their practices to keep these systems secure, and how our products can best integrate into their existing processes and increase the value and efficiency of these processes. This feedback helps validate that the hundreds of features we release each year provide the most value for our customers.

Now, upon reflecting on our 2022 accomplishments, it’s fulfilling to say we delivered 30+ software releases and hundreds of features to customers this year alone (not including the new vulnerability checks and monitoring rules) to help them secure their most critical business applications.

When I consider the most impactful features we released in 2022, I leaned heavily on the  feedback loop we have with customers. The following highlights generated the most feedback and excitement across our customer base:


We completed a transformation of the Onapsis Platform UI. There are many (many!) benefits to this transformation, the primary being a transformation from being scan centric to results centric. This transformation allowed us to provide rich dashboards to better help our customers understand changes to their results over time, generate richer reporting and overall have a better experience when using the Onapsis Platform.

SIEM Integration Extensions

The data produced by Onapsis is critical for our customers, but just as critical is getting that data into the right process and in front of the appropriate people as soon as possible. To help our customers achieve this we have released upgrades for our support for these integration SIEMS and ticketing systems.

Robust API

To support the broadest range of integrations possible, we provided an API that uses the GraphQL query language to request this data from the Onapsis Platform database. The Onapsis Platform’s API follows GraphQL best practices. Functionally, a GraphQL API differs from a REST (Representational State Transfer) API in several important (and beneficial) ways:

  • Single endpoint access: The most important distinction between a GraphQL API and a REST API is that a GraphQL API is typically limited to a single endpoint for requests. The top-down structure of a single endpoint API minimizes the effects of this evolution on existing requests.
  • Flexible queries: An additional result of the top-down structure of a GraphQL API is the flexibility of the queries. With a GraphQL API, you can request, filter, and order any available data through one endpoint. In comparison, a REST API often requires multiple endpoints for the same result. The inflexibility of endpoints in a REST API means that querying multiple endpoints often results in receiving more data than you require.
  • Detailed error messages: If you send an invalid query in a request, GraphQL won’t just return an HTTP error status code; instead, a more detailed error message is included in the response. This provides more valuable feedback when validating your queries.

Threat Intel Center (TIC)

Onapsis has a long and proud history of the identification and responsible disclosure of previously unknown vulnerabilities in ERP applications. In fact this year we passed the 1,000 discovered vulnerabilities mark. The TIC provides a high-impact, consolidated view into new critical threat campaigns and elevated threat actor activity targeting vulnerable and legacy ERP systems. This provides one-click visibility into affected assets and makes it easy to share risk and exposure with other stakeholders across the business. Customers have also let us know that their security team members that are new to ERP systems use the prioritized set of content provided by the Threat Intel Center to start familiarizing themselves with ERP-specific vulnerabilities and their business impact.

Defend – Anomaly Scoring via Machine Learning

Through the use of machine learning, Defend now adds an anomaly score to some incidents and notable events that helps you determine how risky the occurrence might be. A score represents deviation from a “norm” where 0 is closest to the norm and 100 is furthest away (most anomalous). The norm represents the most “typical” occurrence of the incident or event as defined by a machine learning algorithm.

The machine learning algorithm is fed events from the ABAP asset’s Security Audit Log (SAL). It scores each event by comparing it with previous similar events. The algorithm then uses the scores to train models that analyze event data, for now frequency and user behavior. As the number of scored events grows the models develop a baseline for what is relatively “normal” for given events and can compare new events against them. Using multiple models helps provide complementary insights and detect a wider variety of anomalous activities.

Take a look at our other AppMas Blogs from this year: