Data Extraction Guides
Step-by-step instructions for extracting the files needed to run a AuditCore assessment. Share the relevant guide with your client's IT or Basis team before the engagement.
All extractions are read-only. No changes are made to any system during data collection. A Basis Administrator (SAP), IT Security Manager (Oracle), Global Administrator (D365), Administrator (NetSuite / Sage Intacct / Sage X3), ReadOnly IAM User (AWS), or Reader + Security Reader (Azure) role is sufficient for all exports.
SAP S/4 HANA
Data Extraction Guide
Transaction codes, SE16 table exports, HANA SQL queries, and BTP Cockpit paths for all 25 export files across 9 security domains.
25
Export files
9
Domains
75+
Checks run
Open SAP Guide
Oracle Fusion ERP
Data Extraction Guide
Security Console, IDCS Admin, OIC, OTBI, and AME navigation paths for all 17 export files across Oracle Fusion's security domains.
17
Export files
17
Domains
55+
Checks run
Open Oracle Guide
Microsoft Dynamics 365
Data Extraction Guide
PowerShell script + manual paths for Entra ID, Dataverse, Power Platform Admin — all 24 export files across 8 security domains.
24
Export files
8
Domains
44+
Checks run
Open D365 Guide
Oracle NetSuite
Data Extraction Guide
SuiteQL REST API (TBA) + manual export paths for all 20 files across 7 security domains including SoD, financial controls, and TBA token security.
20
Export files
7
Domains
45+
Checks run
Open NetSuite Guide
Sage Intacct
Data Extraction Guide
XML Web Services API extraction + manual paths for all 18 files across 6 security domains including multi-entity security and AP controls.
18
Export files
6
Domains
41+
Checks run
Open Intacct Guide
Sage X3
Data Extraction Guide
Syracuse REST API extraction + manual paths for all 18 files covering AUTILIS, ADXTRACE, GACCENTRY, PAYMENTH and X3 workflow security.
18
Export files
6
Domains
40+
Checks run
Open Sage X3 Guide
Amazon Web Services
Data Extraction Guide
AWS CLI PowerShell script for all 13 files — IAM credential report, S3, EC2, CloudTrail, KMS, RDS and account security settings.
13
Export files
7
Domains
41+
Checks run
Open AWS Guide
Microsoft Azure
Data Extraction Guide
Az PowerShell + Microsoft Graph script for all 11 files — Azure AD users, admins, CA policies, NSGs, Key Vaults, SQL, and Defender for Cloud.
11
Export files
7
Domains
39+
Checks run
Open Azure Guide
What each guide covers
| Area | SAP S/4 HANA | Oracle Fusion | Dynamics 365 | NetSuite | Sage Intacct | Sage X3 | AWS | Azure |
|---|---|---|---|---|---|---|---|---|
| User Accounts & Roles | USR02, AGR_USERS via SE16 | Security Console → Users | Graph API / Dataverse systemusers | employee / role exports | users / user_role_assignments | AUTILIS / user_profiles | iam_credential_report / iam_users | aad_users / aad_admins |
| Identity & MFA | — | IDCS MFA & Session settings | Entra ID MFA report + CA policies | password_policy | password_policy / session cfg | password_settings | iam_credential_report (mfa_active) | aad_users (mfa_registered) |
| Privileged Access | SUIM role/auth export | AACG export or computed | Role assignments cross-check | role_assignments / permissions | module_permissions / roles | function_authorizations | iam_users (AdministratorAccess) | aad_admins (Global Admin) |
| Password / Auth Policy | Profile parameters (RZ11) | IDCS Admin Console | Conditional Access policies | password_policy | password_policy | password_settings | account_settings | conditional_access |
| Audit Logging | SM19 Security Audit Log | Manage Audit Policies | D365 Audit settings + log entries | login_audit / system_notes | audit_trail / login_history | ADXTRACE / connection_log | cloudtrail_trails | activity_logs |
| Financial Controls | F110, SE16 REGUH | AME Approval Rules | Journal entries, vendor master | journal_entries / payments | journals / ap_transactions | GACCENTRY / PAYMENTH | — | — |
| Integration / API Security | SM59 RFC Destinations | OIC Connections | API connections, flow perms | integration_tokens / restlets | api_credentials / platform_apps | webservices_endpoints | iam_roles (trust policies) | role_assignments (service principals) |
| Data Security | S_TABU_DIS / S_TABU_NAM | Oracle DPVS policies | Field security profiles, POA | saved_searches / custom_fields | reports / dimensions | data_access_rules / report_perms | s3_buckets | storage_accounts / sql_servers |
| Network Security | — | — | DLP policies | — | — | — | security_groups / vpc_config | nsg_rules / vms |
| Encryption | — | — | — | — | — | — | kms_keys / rds_instances | key_vaults / storage_accounts |
| Platform / Compliance | Client settings SCC4 | — | Environment settings, DLP | account_preferences | entities / platform_apps | site_settings | account_settings / config_rules | subscriptions (Defender for Cloud) |
| Approval Workflows | — | AME Approval Rules | Power Automate flows | approval_history | approval_workflows | workflows / approval_history | — | — |
| Vendor / Supplier | SE16 REGUH / LFB1 | — | vendor master | vendors | vendors | BPSUPPLIER / vendor_master | — | — |
Need help extracting data? Contact support@vergent.co.ke