you may consider using something like fiddler or burp, if debugging local SSL connections can help you find the details of the issue and the exact error message.
... View more
You can do a lot with Hana especially with XS or using the traditional ABAP.
But many problems Splunk addresses in processing large log type data from various sources will have to be reinvented by you since this type of use cases haven't matured on Hana yet.
Splunk is quite powerful and simple. And there is a strong community already. I'd stick to it.
... View more
Like you mentioned, using REST api to authenticate with default pass using Wget or curl would be the easiest test case. And also most reliable one.
... View more
make sure you review 4624 and 4625 events and correlate them. e.g. if 4625 is coming from same source but to multiple accounts, somebody is most likely attempting password guessing.
... View more
Best thing you can do there is SHA256-crypt-1000000 . This makes it almost impossible to guess passwords unless you have "Welcome-2016".
In our case we did not have the slow downs mentioned in the doc.
... View more