Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

SQLParser - Statement gets truncated #3968

Closed guarismo closed 2 years ago

guarismo commented 2 years ago

This is not capturing the whole statement, it gets truncated. https://github.com/Azure/Azure-Sentinel/blob/28c966e6bf7f6987c03dc20db9ff72568049b256/Parsers/SQLSever/SQLServer_Parser.txt#L31

To fix I added the next field extraction below it:

| parse RenderedDescription with * "database_name:" DatabaseName:string
    "schema_name:" Temp:string
    "object_name:" ObjectName:string
    "statement:" Statement:string
    "additional_information:" AdditionalInfo:string
    "." *

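The following is an added example for checking the extended extraction above; it is not the repository's SQLServer_Parser and not code from the issue author. It feeds two constructed RenderedDescription strings (made up to resemble SQL Server audit events in the Windows Application log, with the field order the issue's pattern assumes) through the same `parse` pattern, trims the captured fields, and reports the full length of each captured statement so a long, multi-clause statement can be confirmed to come through untruncated. The column name `Temp` for schema_name is kept from the issue and renamed on output.

```kql
// Added example, not the repository's parser. The RenderedDescription values
// below are constructed test data that mimic the field layout of SQL Server
// audit events (database_name ... additional_information ... ".").
let SampleEvents = datatable(TimeGenerated:datetime, RenderedDescription:string) [
    datetime(2023-03-01T08:15:00Z),
    "Audit event: event_time:2023-03-01 08:15:00.1234567 sequence_number:1 action_id:SL succeeded:true session_id:62 server_principal_name:CONTOSO\\alice database_name:SalesDB schema_name:dbo object_name:Customers statement:SELECT CustomerId, Email FROM dbo.Customers WHERE Region = 'EMEA' AND Tier IN (1, 2) ORDER BY CustomerId; additional_information: data_sensitivity_information:none.",
    datetime(2023-03-01T08:16:30Z),
    "Audit event: event_time:2023-03-01 08:16:30.7654321 sequence_number:1 action_id:UP succeeded:true session_id:63 server_principal_name:CONTOSO\\svc_app database_name:HRDB schema_name:payroll object_name:Salaries statement:UPDATE payroll.Salaries SET Amount = Amount * 1.05 WHERE EmployeeId IN (SELECT EmployeeId FROM payroll.Employees WHERE Dept = 'Eng'); additional_information: data_sensitivity_information:none."
];
SampleEvents
// Same extraction pattern as proposed in the issue: each string capture runs
// up to the next literal, so the statement is taken in full until
// "additional_information:" regardless of spaces, commas or semicolons inside it.
| parse RenderedDescription with * "database_name:" DatabaseName:string
    "schema_name:" Temp:string
    "object_name:" ObjectName:string
    "statement:" Statement:string
    "additional_information:" AdditionalInfo:string
    "." *
// Strip the surrounding spaces the captures pick up and give Temp a proper name.
| project TimeGenerated,
          DatabaseName = trim(" ", DatabaseName),
          SchemaName = trim(" ", Temp),
          ObjectName = trim(" ", ObjectName),
          Statement = trim(" ", Statement),
          AdditionalInfo = trim(" ", AdditionalInfo)
// Length of the captured statement: compare against the statement in the
// source text to confirm nothing was cut off.
| extend StatementLength = strlen(Statement)
```

Paste the query into a Log Analytics workspace or Kusto query window as-is; because the input comes from `datatable`, it runs without any Sentinel tables. To test against live data, replace the `let SampleEvents` block with the SQL Server audit events from the `Event` table and keep the pipeline from `parse` onward. Note that the pattern requires a literal period after the additional_information value, so sample text must end that way for the row to match.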
github-actions[bot] commented 2 years ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

aprakash13 commented 2 years ago

Fixed by PR #3977 by @samikroy.
