IBM Security QRadar

Hello

I am testing QRadar with my customer .My customer logs SQL audit logs into SQL table,this table has custom fields

QRadar cannot parse these custom fields.I can manually edit SQL DSM editor and create custom fields in DSM but if my customer in the future will add other fields in the SQL table this problem will occur again.

 

so what is the best solution in this situation, what can I do?

 

thank you and sorry for my bad English :))

------------------------------
Sicnerely,
Davit Ubilava
------------------------------

Hi Davit, of cause you can not predict all the possible future changes to this SQL table. My opinion is that if you think such changes are really possible, then it's better to create a view based on all the fields you need and poll it with QRadar. In this case, if customer changes the table in question you still have your ad-hoc view intact.

------------------------------
Dmitry Berezovik
------------------------------

Original Message:
Sent: Fri September 27, 2019 02:42 AM
From: Davit Ubilava
Subject: SQL Table Custom fields parsing problem

Hello

I am testing QRadar with my customer .My customer logs SQL audit logs into SQL table,this table has custom fields

QRadar cannot parse these custom fields.I can manually edit SQL DSM editor and create custom fields in DSM but if my customer in the future will add other fields in the SQL table this problem will occur again.

 

so what is the best solution in this situation, what can I do?

 

thank you and sorry for my bad English :))

------------------------------
Sicnerely,
Davit Ubilava
------------------------------