
SIEM: SQL C2 audit parsing


We are collecting SQL C2 audit; however, the parsing is not proper at ESM. How should we handle this?

Example: package has a query like: drop table

But I can't see the drop command in any of the parsed fields.

Please guide: how to handle C2 syslog?

Note: we don't have DEM or DAM.