
Oracle Database Audit Event data naming mismatch

Open TheCat1989 opened this issue 2 years ago • 7 comments

Hi Team

Since the update of the Oracle database audit parser change, the data types in the logs seem to be changed. The change of the parser will make the old analytic rule and hunting query unusable.

For example, in the parser, the SrcUserName is renamed as CURUSE.

However, in the analytic rules the attribute remained unchanged.

TheCat1989 avatar Oct 24 '22 09:10 TheCat1989

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 24 '22 09:10 github-actions[bot]

Hi @TheCat1989, My team is working on fixing this issue. @NikTripathi - Can you please provide an update once the Parser changes are live? Thanks

v-mchatla avatar Oct 26 '22 08:10 v-mchatla

Sure, please let us know when the changes are live. Thanks again for the help!

TheCat1989 avatar Oct 26 '22 13:10 TheCat1989

Hi @TheCat1989, The parser is optimized and currently pending the certification process. We will share the update with you once it's pushed live. Meanwhile you can review the parser from this link. Thanks

v-mchatla avatar Jan 04 '23 09:01 v-mchatla

Hi @TheCat1989, Closing this incident as fixed. Please feel free to reopen the issue if you still need any further assistance on this. Thanks

v-mchatla avatar Feb 13 '23 06:02 v-mchatla
