Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

SQLParser misses logs because of "has" #3969

Closed guarismo closed 2 years ago

guarismo commented 2 years ago

https://github.com/Azure/Azure-Sentinel/blob/28c966e6bf7f6987c03dc20db9ff72568049b256/Parsers/SQLSever/SQLServer_Parser.txt#L18

For unknown reasons, using "has" is not catching events from some servers.

I fixed this for my environment by replacing "has" with "contains".
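
As an added illustration of why swapping `has` for `contains` changes which rows a KQL parser keeps, here is a small Python model of the two operators. It is not code from the issue or from the Azure-Sentinel parser. It assumes, following the Kusto documentation, that `has` matches whole terms (maximal runs of letters and digits, compared case-insensitively) while `contains` is a plain case-insensitive substring match; treating a multi-word needle as an adjacent sequence of terms is this model's own assumption. The sample lines are constructed for the example and are not real SQL Server events.

```python
import re
from typing import Dict, List

# Constructed sample lines in the style of a rendered SQL Server event text.
# They are made up for this illustration and are not real events from the parser.
SAMPLE_LINES = [
    "Login failed for user 'sa'. Reason: Password did not match that for the login provided.",
    "Error 18456, Severity 14: login-failed for user 'app' from 10.0.0.5",
    "Event:LoginFailed user=sa host=srv01",
    "Backup completed successfully for database 'master'",
]

# Assumed term definition: maximal runs of ASCII letters and digits.
TERM_RE = re.compile(r"[A-Za-z0-9]+")


def kql_terms(text: str) -> List[str]:
    """Split text into terms the way this model assumes KQL does: maximal runs of
    ASCII letters and digits, lower-cased for case-insensitive comparison.
    Punctuation, spaces and hyphens separate terms; letters glued together
    ("LoginFailed") form one term, so "failed" is not a term of that token."""
    return [t.lower() for t in TERM_RE.findall(text)]


def kql_has(text: str, needle: str) -> bool:
    """Model of `text has needle`: every term of the needle must appear as a
    whole term in text, in order and adjacent (assumption for multi-word needles;
    a single-word needle is the common case)."""
    hay = kql_terms(text)
    want = kql_terms(needle)
    if not want:
        return False
    n = len(want)
    return any(hay[i:i + n] == want for i in range(len(hay) - n + 1))


def kql_contains(text: str, needle: str) -> bool:
    """Model of `text contains needle`: case-insensitive substring match."""
    return needle.lower() in text.lower()


def compare_operators(lines: List[str], needle: str) -> Dict[str, List[str]]:
    """Run both operators over the lines and report which lines `has` drops
    relative to `contains`. Those are the rows a parser using `has` would miss."""
    has_hits = [line for line in lines if kql_has(line, needle)]
    contains_hits = [line for line in lines if kql_contains(line, needle)]
    return {
        "has": has_hits,
        "contains": contains_hits,
        "missed_by_has": [line for line in contains_hits if line not in has_hits],
    }


if __name__ == "__main__":
    report = compare_operators(SAMPLE_LINES, "failed")
    for op in ("has", "contains"):
        print(f"{op}: {len(report[op])} line(s) matched")
    for line in report["missed_by_has"]:
        print("missed by has:", line)
```

Under this model `has "failed"` matches "Login failed" and "login-failed" (the hyphen separates terms) but not "LoginFailed", while `contains "failed"` matches all three. Switching a parser to `contains` therefore widens the match and can pull in unrelated rows, so after making that change it is worth projecting the raw text of the newly matched events to confirm they are the ones the parser should be normalising.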

github-actions[bot] commented 2 years ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.