JDBC log source parameters for Microsoft SharePoint with predefined database queries

Administrators who do not have permission to create a database view because of policy restrictions can collect Microsoft SharePoint events with a log source that uses predefined queries. If QRadar® does not automatically detect the log source, add a Microsoft SharePoint log source on the QRadar Console by using the JDBC protocol.

Predefined queries are customized statements that can join data from separate tables when the database is polled by the JDBC protocol.

Tip: Ensure that firewall rules are not blocking the communication between QRadar and the database that is associated with Microsoft SharePoint.

The following table describes the parameters that require specific values to collect JDBC events from Microsoft SharePoint:
Table 1. JDBC log source parameters for the Microsoft SharePoint DSM
Parameter Value
Log Source type

Microsoft SharePoint

Protocol Configuration

JDBC

Log Source Identifier

Type the identifier for the log source in the following format:

<SharePoint Database>@<SharePoint Database Server IP or Host Name>

Where:

  • <SharePoint Database> is the database name, as entered in the Database Name parameter.
  • <SharePoint Database Server IP or Host Name> is the host name or IP address for this log source, as entered in the IP or Hostname parameter.

Database Type

From the list, select MSDE.

Database Name

Type WSS_Logging as the name of the Microsoft SharePoint database.

IP or Hostname

Type the IP address or host name of the Microsoft SharePoint SQL Server.

Port

Type the port number that is used by the database server. The default port for MSDE is 1433.

The JDBC configuration port must match the listener port of the Microsoft SharePoint database. The Microsoft SharePoint database must have incoming TCP connections enabled to communicate with IBM® QRadar.

If you define a Database Instance when you use MSDE as the database type, you must leave the Port parameter blank in your configuration.

Predefined Query

From the list, select Microsoft SharePoint.

Use Prepared Statements

Select the Use Prepared Statements check box.

Prepared statements allow the JDBC protocol source to set up the SQL statement one time, then run the SQL statement many times with different parameters. For security and performance reasons, it is suggested that you use prepared statements.

Clearing this check box requires you to use an alternative method of querying that does not use pre-compiled statements.

Use NTLMv2

Select the Use NTLMv2 check box.

This option forces MSDE connections to use the NTLMv2 protocol when they communicate with SQL servers that require NTLMv2 authentication. The check box is selected by default.

If the Use NTLMv2 check box is selected, it has no effect on MSDE connections to SQL servers that do not require NTLMv2 authentication.

For a complete list of JDBC protocol parameters and their values, see JDBC protocol configuration options.
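The Use Prepared Statements behavior described above, as an added example that is not QRadar code: a poller that reuses one statement with a changing marker value, next to the same poll built by pasting the value into the SQL text. Python's sqlite3 module stands in for a JDBC connection to SQL Server, and the audit_events table, its columns, and the function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-in table; column names are hypothetical, not the WSS_Logging schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_events ("
               "event_id INTEGER PRIMARY KEY, user_name TEXT, action TEXT)")
    return db

def add_events(db, events):
    db.executemany(
        "INSERT INTO audit_events (user_name, action) VALUES (?, ?)", events)

# One fixed statement text; only the bound marker value changes between polls.
# sqlite3 caches the compiled statement, so it is prepared once and re-executed.
POLL_SQL = ("SELECT event_id, user_name, action FROM audit_events "
            "WHERE event_id > ? ORDER BY event_id")

def poll_prepared(db, marker):
    """Return (rows newer than marker, new marker) using a bound parameter."""
    rows = db.execute(POLL_SQL, (marker,)).fetchall()
    return rows, (rows[-1][0] if rows else marker)

def poll_concatenated(db, marker):
    """Same poll with the marker pasted into the SQL text (the weak form)."""
    sql = ("SELECT event_id, user_name, action FROM audit_events "
           f"WHERE event_id > {marker} ORDER BY event_id")
    rows = db.execute(sql).fetchall()
    return rows, (rows[-1][0] if rows else marker)

def demo():
    db = make_db()
    add_events(db, [("alice", "View"), ("bob", "Delete")])
    first, marker = poll_prepared(db, 0)         # both rows, marker becomes 2
    add_events(db, [("carol", "Update")])
    second, marker = poll_prepared(db, marker)   # only the row added since
    # A corrupted marker is a single value to the bound form, but becomes
    # part of the WHERE clause in the pasted form and replays every row.
    bad = "0 OR 1=1"
    bound_rows, _ = poll_prepared(db, bad)
    pasted_rows, _ = poll_concatenated(db, bad)
    return len(first), len(second), marker, len(bound_rows), len(pasted_rows)

if __name__ == "__main__":
    print(demo())
```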