> ## Documentation Index
> Fetch the complete documentation index at: https://docs.luumen.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# SAP integration

> How Luumen integrates with SAP landscapes — collecting system data, components, and transport state, querying SAP BTP, and matching SAP Security Notes.

The SAP integration adds deep SAP-aware capabilities on top of Luumen's standard host monitoring — collecting SAP components, kernel and profile data, transport state, and optionally querying SAP BTP. It also powers SAP Security Note matching for hosts running SAP. This page is the entry point for the integration — it explains what Luumen connects to and what it does with the data, with links to deeper pages for transports, security notes, and BTP.

## What Luumen connects to

The SAP integration spans three connection types:

* **Direct host access** to your SAP hosts over SSH (Linux/AIX) or WinRM (Windows), using the same Luumen agent that monitors any host. This is where the bulk of SAP-system data comes from — components, kernel version, profile parameters, transport state.
* **SAP BTP** as a complementary data source for SAP component metadata. Enabled per workspace and configured with its own credentials. See [SAP BTP](#sap-btp) below.
* **SAP's published Security Notes feed**, ingested by Luumen centrally and matched to each customer's installed components. No customer-side credentials required. See [SAP Security Notes](/enterprise/alerts/sap-security-notes).

You don't have to enable all three. The host-level collection covers most use cases. BTP adds depth when local discovery is incomplete, and the Security Notes matching runs automatically once SAP components are reported.

## What the agent collects from SAP hosts

For SAP hosts, the standard data set includes:

* **Installed SAP components and versions.** The input for SAP Security Note matching.
* **SAP kernel version and patch level.**
* **Database product and version** (HANA, ASE, Oracle, etc.).
* **System ID (SID), instance number, and instance type.**
* **Profile parameters and key configuration values.**
* **Transport queue and import state** — see [SAP transports](/enterprise/integrations/sap-transports).

Custom SAP properties (specific profile parameters, transaction-level data, internal tables) can be added during white-glove setup if your team's checks depend on them.

## What it powers

The SAP integration feeds several parts of the platform:

<CardGroup cols={2}>
  <Card title="SAP Security Notes" icon="shield-halved" href="/enterprise/alerts/sap-security-notes">
    Match every SAP Security Note against installed components on your hosts. Irrelevant notes are auto-resolved.
  </Card>

  <Card title="Transport monitoring" icon="truck" href="/enterprise/integrations/sap-transports">
    Surface import queue depth, failed imports, and recent transport activity per host.
  </Card>

  <Card title="Compliance on SAP properties" icon="square-check" href="/enterprise/integrations/sap-compliance">
    Write compliance checks against SAP-specific properties — including transport state.
  </Card>

  <Card title="Host groups by SAP role" icon="layer-group" href="/enterprise/data/host-groups">
    Group hosts by SAP role (HANA primary, application server, web dispatcher, etc.) and target checks accordingly.
  </Card>
</CardGroup>

## SAP BTP

SAP BTP is supported as an optional second source of SAP-component data. Once enabled, the agent queries BTP on each run alongside its host-level collection.

BTP is most useful when:

* Some of your SAP systems are in environments where the agent can't reach them directly over SSH/WinRM.
* You want a cross-check on locally discovered component data.
* Your team maintains the system-of-record for SAP components in BTP and you want Luumen to source from there.

If your local discovery is reliable, BTP is optional and can be left disabled.

### BTP credentials

Configure BTP from the SAP integration settings in the Luumen UI:

* **Username** for SAP BTP.
* **Password** — entered directly or referenced from [HashiCorp Vault](/enterprise/installation/vault-integration).
* **Port**, if your BTP connection uses a non-default port.

BTP credentials are scoped to BTP queries only. They are unrelated to the SSH or WinRM credentials used to reach individual hosts.

## What Luumen doesn't do for SAP

A few deliberate non-features worth calling out:

* **No transport import.** Luumen reads transport state but does not import, release, or rollback transports. Promotion stays in your basis team's hands.
* **No write access to SAP systems.** The agent's service account is expected to be read-only for SAP files. Compliance findings are presented for your team to act on.
* **No SAP ABAP code analysis.** Luumen monitors the runtime side — installed components, kernel, profile params, transports. Static analysis of custom ABAP code is out of scope.
* **No replacement for SAP Solution Manager.** Solution Manager is SAP's tool for change and incident management; Luumen complements it by providing cross-system visibility and AI-assisted operations, not by replacing change-management workflows.

## Where to go next

* [SAP transports](/enterprise/integrations/sap-transports) — concept and what Luumen tracks.
* [Transports and compliance](/enterprise/integrations/sap-compliance) — using transport state in checks.
* [SAP Security Notes](/enterprise/alerts/sap-security-notes) — how notes are matched and triaged.
