Skip to main content
Skip table of contents

SICFCHK - SICF(SAP Internet Communication Framework) Services Data

Data Description

The SICFCHK event is used to get SICF Public Services as well as Services with Logon Data.

Potential Use Cases

This event could be used in the following scenarios:

  • To determine what Services are activated and what are deactivated services

  • To identify ICF Security Risks and What Services should be deactivated

  • Correlate ADS connection failures to other system activities

  • Review the ICF services which do not require authentication

  • ICF Services vs SAP Security Baseline (SAP Security Notes that recommends the services that should be deactivated) 

Metric Configuration

Extraction of inactive services as well snapshot data can be activated/deactivated using the Metric Configuration. To do this, log into the managed system and execute the /n/BNWVS/MAIN transaction. Then, go to Administrator → Setup Metric → Metric Configuration.

Activate/Deactivate the inactive services and snapshot data extraction in the below screen. If Snapshot is deactivated(blank), then only the delta services will be extracted that got added/changed within the extraction time range.

Splunk Event

The event will look like this in Splunk:

SAP Navigation

Log into the managed system and execute the report RSICFCHK to check the SICF Services details.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.