
Oracle Database Auditor: Workbooks with no results #9987

Closed
gmarmolejos opened this issue Feb 19, 2024 · 15 comments
Assignees
Labels
Workbook Workbook specialty review needed

Comments

@gmarmolejos

Describe the bug
Oracle Database Auditor doesn't bring information about Oracle Database Tables Queried and Users' Privileges. It only shows "the query returned no results".

To Reproduce
Steps to reproduce the behavior:

Activate Oracle Database Audit.
Enable Syslog on the Linux server.
Wait until Sentinel gets the data.

Expected behavior
To be fair, all the information is shown except those two. Is it possible to modify the query to receive this information, or why is this information in the workbook's sample?
If I try to use the TableName object, it doesn't work either.

I created this issue previously here:
#9602

It was closed because I didn't provide the information requested within the expected time.

Here it is:

The returned information is very sensitive to us, but I'm going to share the first two rows of each and hide the real data. I do receive information from both queries.

OracleDatabaseAuditEvent | where isnotempty(DstUserName)| summarize TotalEvents = count() by DstUserName| order by TotalEvents| take 2

[screenshot]

OracleDatabaseAuditEvent | where isnotempty(SrcUserName)| summarize TotalEvents = count() by SrcUserName

[screenshot]

The case was seen by the user:

v-muuppugund (thanks for the help). I'm very grateful.

@v-sudkharat v-sudkharat added the Workbook Workbook specialty review needed label Feb 20, 2024
@v-muuppugund
Contributor

Hi @gmarmolejos, thanks for flagging this issue. We will investigate this issue and get back to you with some updates by 27 Feb 24. Thanks!

@v-muuppugund
Contributor

v-muuppugund commented Feb 28, 2024

Hi @gmarmolejos, I have a couple of questions after running the above queries. We have results, so the workbook should have results. What is the issue? Could you please explain the issue in detail with screenshots?

@gmarmolejos
Author

Hi @v-muuppugund.

The issue is in the Oracle Database Audit workbook: I don't have any value in "Database Tables Queried" or "Users' Privileges". These two are empty.

@gmarmolejos
Author

I kept the same queries in both tables. I assumed they are the default ones, and nothing. No value, only empty.

@v-sudkharat
Contributor

@gmarmolejos, thank you for your response. We will check on it and get back to you with some updates. Thanks!

@v-muuppugund
Contributor

Hi @gmarmolejos, I will be working on the setup and will post you updates.

@v-muuppugund
Contributor

v-muuppugund commented Mar 15, 2024

Hi @gmarmolejos, I am working on the Oracle setup in a VM and will verify the results and update you. Meanwhile, could you please share data from OracleDatabaseAuditEvent with v-muuppugund@microsoft.com? I will do analysis on the data also.

@v-muuppugund
Contributor

Hi @gmarmolejos, gentle reminder: I am working on the Oracle setup in a VM and will verify the results and update you. Meanwhile, could you please share data from OracleDatabaseAuditEvent with v-muuppugund@microsoft.com? I will do analysis on the data also.

@v-muuppugund
Contributor

Hi @gmarmolejos, I am facing an issue with logging data into logs from Oracle and am working on it.
[screenshot]
[screenshot]
Gentle reminder: meanwhile, could you please share data from OracleDatabaseAuditEvent with v-muuppugund@microsoft.com? I will do analysis on the data also.

@gmarmolejos
Author

gmarmolejos commented Apr 1, 2024

Hi @v-muuppugund, I'm very sorry for this very late response. Work keeps me very busy.

Is it possible to share only one or two records, or is it possible to know what kind of information you need to help me? The problem is that this information is very sensitive and critical in my work; it reveals too much information about my infrastructure.

@v-sudkharat
Contributor

Hey @gmarmolejos, you can share the sample data after running the parser: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/OracleDatabaseAudit/Parsers/OracleDatabaseAuditEvent.yaml
You can also replace the values in the result to keep your data secure.
Thanks!

@v-muuppugund
Contributor

Hi @gmarmolejos, I was able to resolve the logging issue and will share the workbook results with you in some time.
[screenshot]

@v-muuppugund
Contributor

Hi @gmarmolejos, we need to modify the query; the added query is below:

Syslog
| where SyslogMessage contains "Unified Audit" and ProcessName == "Oracle" and SyslogMessage contains "DBUSER"
| summarize count()

For the respective DB user, we can select users from the syslog message.

Please find the screenshot below for reference.
[screenshot]
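The query above filters raw Syslog rows down to Oracle unified audit records and counts them. The following Python example, added here and not part of the thread or of the Azure-Sentinel solution, mirrors that filter over a handful of constructed syslog rows and then goes one step further than the KQL: it pulls the DBUSER and OBJECT values out of the message so the count can be broken down per database user and per queried object, which is what the two empty workbook panels ("Database Tables Queried", "Users' Privileges") are trying to show. The `DBUSER:'...'` / `OBJECT:'...'` field layout in the sample messages is an assumption made for illustration, not a verified Oracle log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample rows, shaped like the Syslog table columns the KQL query
# touches (ProcessName, SyslogMessage). The key/value layout inside the audit
# message is assumed for illustration only and is not a real Oracle record.
SAMPLE_SYSLOG = [
    {"ProcessName": "Oracle",
     "SyslogMessage": "Oracle Unified Audit: TYPE:'4' DBUSER:'APP_USER' "
                      "ACTION:'3' OBJECT:'EMPLOYEES' STATEMENT:'SELECT'"},
    {"ProcessName": "Oracle",
     "SyslogMessage": "Oracle Unified Audit: TYPE:'4' DBUSER:'APP_USER' "
                      "ACTION:'3' OBJECT:'SALARIES' STATEMENT:'SELECT'"},
    {"ProcessName": "Oracle",
     "SyslogMessage": "Oracle Unified Audit: TYPE:'4' DBUSER:'SYS' "
                      "ACTION:'17' OBJECT:'HR_ROLE' STATEMENT:'GRANT'"},
    # Oracle process, but not an audit record: must be filtered out.
    {"ProcessName": "Oracle",
     "SyslogMessage": "Oracle instance started, listener ready"},
    # Unrelated daemon: must be filtered out.
    {"ProcessName": "sshd",
     "SyslogMessage": "Accepted publickey for ops from 10.0.0.5"},
]

# Field extractors for the assumed KEY:'value' layout.
DBUSER_RE = re.compile(r"DBUSER:'([^']*)'")
OBJECT_RE = re.compile(r"OBJECT:'([^']*)'")


def is_unified_audit(row):
    """Same predicate as the KQL: process is Oracle and message is a unified audit record."""
    return row["ProcessName"] == "Oracle" and "Unified Audit" in row["SyslogMessage"]


def count_matching(rows, needle="DBUSER"):
    """Direct equivalent of the thread's query: filter, require `needle` in the message, count."""
    return sum(1 for r in rows if is_unified_audit(r) and needle in r["SyslogMessage"])


def events_by_dbuser(rows):
    """Count audit events per database user instead of one total (the 'select users' step)."""
    counts = Counter()
    for r in rows:
        if not is_unified_audit(r):
            continue
        m = DBUSER_RE.search(r["SyslogMessage"])
        # Records that carry no DBUSER field are kept visible rather than silently dropped.
        counts[m.group(1) if m else "<no DBUSER field>"] += 1
    return dict(counts)


def objects_by_dbuser(rows):
    """Map each database user to the sorted set of objects (tables, roles) its audit records name."""
    objects = defaultdict(set)
    for r in rows:
        if not is_unified_audit(r):
            continue
        user = DBUSER_RE.search(r["SyslogMessage"])
        obj = OBJECT_RE.search(r["SyslogMessage"])
        if user and obj:
            objects[user.group(1)].add(obj.group(1))
    return {u: sorted(o) for u, o in objects.items()}


if __name__ == "__main__":
    print("total audit events:", count_matching(SAMPLE_SYSLOG))
    print("events per user:", events_by_dbuser(SAMPLE_SYSLOG))
    print("objects per user:", objects_by_dbuser(SAMPLE_SYSLOG))
```

Two things worth noting when carrying this back to the workbook: the literal `contains "DBUSER"` in the KQL only tests that the field is present, so the useful per-user breakdown comes from extracting the value (a `parse` or `extract()` on SyslogMessage in KQL) and summarizing by it; and a row that is an Oracle message but not an audit record, like the "instance started" line above, is correctly excluded by the "Unified Audit" test, which is why that condition should stay in the query.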

@v-muuppugund
Contributor

v-muuppugund commented Apr 11, 2024

Hi @gmarmolejos, I have raised PR #10273 for the above changes and am closing this issue (#9987) as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!
