Configure MSSQL App
SGBox Next Generation SIEM & SOAR knowledge base, https://www.sgbox.eu/en/knowledge-base/configure-mssql-app/ (Fri, 27 Mar 2020)

Download and Configure Microsoft SQL App

This article explains how to configure the MSSQL App to retrieve logs from a specific database table.
Before starting, here is how our database is configured, shown by logging in with SQL Authentication:

In the screenshot you can see:

  • In red: the database configuration
  • In black: the query results


Requirements:

  • SGBox version 4.2.5
  • SQL Authentication must be used to execute the query

Open the application list in SGBox: go to SCM > Applications.

Select Vendors Integrations and download the application Log from SQL Server.

You need to configure the application as follows:

  • Host: Database IP
  • Connection string: Used to connect to the database
  • Username: SQL user used to log in
  • Password: SQL user's password
  • Start Date: Initial date from which to retrieve logs
  • Timestamp field: The name of the column that contains the timestamp
  • Timestamp table: The table that contains the timestamp
  • Separate field: Character used to separate the information once retrieved
  • Query: Query used to extract the information
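
A least-privilege account for the Username and Password fields above, as an added example that is not part of the original article or of SGBox's own documentation. The login `sgbox_reader`, the database `AppDb` and the table `dbo.AppAuditLog` are hypothetical placeholders for your own names, and the password is a placeholder to replace.

```sql
-- Added example. All object names are hypothetical placeholders, not SGBox defaults.
-- Run with an account allowed to create logins and database users.

USE master;
GO
-- The app requires SQL Authentication, so create a SQL login (not a Windows one)
-- and keep the server password policy enforced for it.
CREATE LOGIN sgbox_reader
    WITH PASSWORD = '<replace-with-long-random-password>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = AppDb;
GO

USE AppDb;
GO
-- Map the login into the one database that holds the log table.
CREATE USER sgbox_reader FOR LOGIN sgbox_reader;
GO
-- Grant read access to the single table named in "Timestamp table" / "Query".
-- No db_datareader membership: the collector should not see other tables.
GRANT SELECT ON OBJECT::dbo.AppAuditLog TO sgbox_reader;
GO

-- Check 1: effective permissions on the table, evaluated as the collector user.
-- Only SELECT rows should come back (object level and per column).
EXECUTE AS USER = 'sgbox_reader';
SELECT permission_name, subentity_name
FROM sys.fn_my_permissions('dbo.AppAuditLog', 'OBJECT');
REVERT;
GO

-- Check 2: the user must not belong to any database role.
-- This query should return zero rows.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'sgbox_reader';
GO
```

If the configured query reads from more than one table, repeat the `GRANT SELECT` for each of them rather than widening the account to a role.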

After configuring it, you need to schedule the application to be executed. See this section to learn how to schedule an application.

The first time the application runs, some components are added; if everything is OK, you can see the results in LM > Analysis > Historical Search.

Once executed, you'll see your logs in LM > Analysis > Historical Search.

If you have more databases or more SQL Servers, you can clone the application and configure a new one.