0 Replies Latest reply on Mar 22, 2015 1:19 PM by secureinfofirst

    SIEM: SQL c2 audit parsing

    secureinfofirst

      SIEM: SQL C2 audit parsing

      We are collecting SQL C2 audit; however, the parsing is not proper at ESM. How to handle this?

       

      Example: the package has a query like: drop table

      But I can't see the drop command in any of the parsed fields.

       

      Please guide: how to handle C2 syslog?

      Note: we don't have DEM or DAM.