Is there a SQL query that can be run against the CA database to determine if it has a SIEM configuration enabled? We have a large environment with many CA installations, so a direct SQL query would be much faster and easier than inspecting each installation individually.
Cause
Quest Support does not support the direct querying of the SQL database.
Resolution
Workaround
You can try the following query against each SQL database:
SELECT TOP (1000) [GroupID],[Data] FROM [MyChangeAuditor].[Configuration].[WebHookStatus]
You will have to change the [MyChangeAuditor] to be the name of your CA database(s).
Each of the line items represents a different subscription that is set up in CA (SIEM and Threat Detection).
The [GroupID] represents the GUID of the subscription itself. You can verify this by comparing the data on the Event Subscriptions page: if you expand the subscription, the Webhook Subscription ID should correlate to the entry.
The data in the [Data] field is actually the XML configuration that is used. The "<Enabled>0</Enabled>" or "<Enabled>1</Enabled>" line in the XML denotes whether the subscription is active or not.
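The workaround above, extended to several CA databases in one pass and reduced to an enabled/disabled state per subscription. This is an added example, not a Quest-provided script. It assumes the databases are hosted on the same SQL Server instance and that [Data] is an xml or character column; the database names are placeholders.

```sql
-- Added example: read-only inventory of webhook subscription state.
-- Nothing is written to the Change Auditor databases; results go to a temp table.
SET NOCOUNT ON;

DECLARE @databases TABLE (name sysname PRIMARY KEY);
INSERT INTO @databases (name) VALUES
    (N'MyChangeAuditor'),      -- placeholder: replace with your CA database name
    (N'MyChangeAuditor2');     -- placeholder: add one row per CA database

CREATE TABLE #SubscriptionState (
    DatabaseName sysname      NOT NULL,
    GroupID      nvarchar(64) NULL,
    State        varchar(8)   NOT NULL
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT d.name
    FROM @databases AS d
    WHERE DB_ID(d.name) IS NOT NULL;   -- skip names not present on this instance

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps the database name a single identifier in the dynamic SQL.
    SET @sql = N'
        INSERT INTO #SubscriptionState (DatabaseName, GroupID, State)
        SELECT @dbname,
               CAST([GroupID] AS nvarchar(64)),
               CASE
                   WHEN x.DataText LIKE N''%<Enabled>1</Enabled>%'' THEN ''Enabled''
                   WHEN x.DataText LIKE N''%<Enabled>0</Enabled>%'' THEN ''Disabled''
                   ELSE ''Unknown''   -- NULL [Data] or no <Enabled> element found
               END
        FROM ' + QUOTENAME(@db) + N'.[Configuration].[WebHookStatus]
        CROSS APPLY (SELECT CAST([Data] AS nvarchar(max)) AS DataText) AS x;';
    EXEC sys.sp_executesql @sql, N'@dbname sysname', @dbname = @db;
    FETCH NEXT FROM db_cursor INTO @db;
END
CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT DatabaseName, GroupID, State
FROM #SubscriptionState
ORDER BY DatabaseName, GroupID;

DROP TABLE #SubscriptionState;
```

A database that returns no rows has no subscriptions configured; rows reported as Unknown should be checked on the Event Subscriptions page.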
Product(s):
Change Auditor
7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0
Topic(s):
How To
Article History:
Created on: 2/4/2020 Last Update on: 5/7/2023