Microsoft SQL Server
The data source type for Microsoft SQL Server collect SQL events by using the syslog, Microsoft SQL, or JDBC connector.
The following table identifies the specifications for the Microsoft SQL Server data source type:
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| Data source type | SQL Server |
| Supported versions | 2012, 2014 (Enterprise editions only), 2016, 2017, and 2019 |
| Event format |
|
| Recorded event types | SQL error log events |
| Automatically discovered? | No |
| Includes identity? | No |
| More information | Microsoft website (http://www.microsoft.com/en-us/server-cloud/products/sql-server/) |
You can integrate Microsoft SQL Server with the QRadar® product by using one of the following methods:
- Syslog
- The data source type for Microsoft SQL Server can collect syslog events.
- JDBC
- Microsoft SQL Server Enterprise can capture audit events by using the JDBC connector. The audit events are stored in a table view. Audit events are only available in Microsoft SQL Server 2012, 2014 Enterprise, and 2016.
To integrate Microsoft SQL Server with the QRadar product, use the following steps:
- For each instance of Microsoft SQL Server, configure your Microsoft SQL Server appliance to enable communication with the QRadar product.
- Add a data source for each instance of Microsoft SQL Server on your network.
For information about adding a data source, see Adding ingestion data sources.
If you are an IBM® QRadar user, see Terminology changes for QRadar customers.