MH
Hello All, am trying to create MSSQL task , but am receiving the following error on the log file
ERROR odbclog: Invalid parameter: No replaceable variables found in query ''
[resource id] = DBMonitor.InvalidParameterError
Size: a a a
2020 July 05
MH
SA
Hi All. when assets belongs to Non Compliant minimum password length or depth.. which standard it refers to?
EP
Saeed Alloubani
Hi All. when assets belongs to Non Compliant minimum password length or depth.. which standard it refers to?
Do you mean one of pre-saved queries in Asset Grid?
SA
Do you mean one of pre-saved queries in Asset Grid?
yes, when you consider this as non compliant, does this refer to a standard like PCI or ISO or it is just the Microsoft recommendations?
EP
Saeed Alloubani
yes, when you consider this as non compliant, does this refer to a standard like PCI or ISO or it is just the Microsoft recommendations?
These compliance queries are made by our experts and do not refer directly to any formal benchmark. If it does not fit your company's policy you can make a copy of the query and correct some parameters
SA
RS
Mohammed Houssani
ERROR odbclog: Invalid parameter: No replaceable variables found in query ''
[resource id] = DBMonitor.InvalidParameterError
[resource id] = DBMonitor.InvalidParameterError
have you define "key fields" for your query?
how odbclog module works?
we have a query for events selection
but events are the infinite stream
we call a query, fetch all events and pause collector for a short time
next run and we have to fetch only NEW events
how to distinguish them from OLD?
and how to keep DBA happy?
we need something in data with predictable behaviour to be used as marker OLD/NEW
usually you have some fields with monotonic behaviour - date or number fields
for example
BigLog table (Id bigint identity, eventbody text)
base query is a select Id, eventbody from BigLog
but Id is autoincrement field
we define Id as a keyfield and slightly modify query with predicate like
where Id > :Id:
":Id:" - placeholder to be replaced by odbclog on every run with maximum value from previous run
how odbclog module works?
we have a query for events selection
but events are the infinite stream
we call a query, fetch all events and pause collector for a short time
next run and we have to fetch only NEW events
how to distinguish them from OLD?
and how to keep DBA happy?
we need something in data with predictable behaviour to be used as marker OLD/NEW
usually you have some fields with monotonic behaviour - date or number fields
for example
BigLog table (Id bigint identity, eventbody text)
base query is a select Id, eventbody from BigLog
but Id is autoincrement field
we define Id as a keyfield and slightly modify query with predicate like
where Id > :Id:
":Id:" - placeholder to be replaced by odbclog on every run with maximum value from previous run
RS
just look in our standard profiles for ideas
М
Всем доброго времени суток! Пытаюсь запустить правило коррелеации в PTSIEMSDK_GUI. Получаю ошибку: [ERROR] Compilation failed:
error: Unable to load json document: The document root must not be followed by other values.
Build failed
Total files: 0
Total errors: 1
Подскажите, пожалуйста, как можно это исправить?
error: Unable to load json document: The document root must not be followed by other values.
Build failed
Total files: 0
Total errors: 1
Подскажите, пожалуйста, как можно это исправить?
LY
Всем доброго времени суток! Пытаюсь запустить правило коррелеации в PTSIEMSDK_GUI. Получаю ошибку: [ERROR] Compilation failed:
error: Unable to load json document: The document root must not be followed by other values.
Build failed
Total files: 0
Total errors: 1
Подскажите, пожалуйста, как можно это исправить?
error: Unable to load json document: The document root must not be followed by other values.
Build failed
Total files: 0
Total errors: 1
Подскажите, пожалуйста, как можно это исправить?
"Правильный" json: { ... }
"НЕ правильный" json: { ... }, { ... }
"НЕ правильный" json: { ... }, { ... }
2020 July 06
М
Пыталась запустить пример из гайда, но все равно выдает ошибку
М
Пробовала такой вариант тоже не подошел. (В нормализованом событии таб допавила)
М
Если не сложно подскажите, пожалуйста, как это исправить ?
М
М
Пример взяла из ptmpsiem22.0_developguide_ru.pdf стр. 48 4.6.6. match
IU
"fileds"
К
а я думал после нажатия на пасхалку начнут падать сиемы, а не конфетти...
MH
Hello All , Did anyone tried to get kasper logs from SQLExpress not MSSQL ? and is there any Task configuration differences ?
RS
the only difference is a instance name of SQL Server