The Microsoft SharePoint DSM for IBM® QRadar® collects audit events by using the JDBC protocol to poll the SharePoint SQL database.
Audit events can track changes that are made to sites, files, and content that is managed by Microsoft SharePoint.
Microsoft SharePoint audit events include the following elements:
- Site name and the source from which the event originated
- Item ID, item name, and event location
- User ID associated with the event
- Event type, time stamp, and event action
Two log source configurations can be used to collect Microsoft SharePoint database events.
- Create a database view in your SharePoint database to poll for events with the JDBC protocol. See Creating a database view for Microsoft SharePoint.
- Create a JDBC log source and use predefined database queries to collect SharePoint events. This option does not require an administrator to create a database view. See JDBC log source parameters for Microsoft SharePoint.