El envío de formularios en el sitio de soporte no está disponible temporalmente para programar el mantenimiento. Si necesita asistencia inmediata, comuníquese con el soporte técnico. Disculpe las molestias ocasionadas.
Is there is a SQL query that can be run against the CA database to determine if it has a SIEM configuration enabled? We have a large environment with many CA installations, so direct SQL query would be much faster and easier than inspecting each installation individually.
Causa
Quest Support does not support the direct querying of the SQL database.
Resolución
Workaround
You can try the following query against each SQL database:
SELECT TOP (1000) [GroupID],[Data] FROM [MyChangeAuditor].[Configuration].[WebHookStatus]
You will have to change the [MyChangeAuditor] to be the name of your CA database(s).
Each of the line items will represent a different subscription that is setup in CA (SIEM and Threat Detection).
The [GroupID] represents the GUID of the subscription itself, You can verify this by comparing the data on the Event Subscriptions page, if you expand the subscription the the Webhook Subscription ID should correlate to the entry.
The data in the [DATA] field is actually the XML configuration that is used. The "<Enabled>0</Enabled>" or "<Enabled>1</Enabled>" lines in the XML denotes if the subscription is active or not.
Your Request will be reviewed by our technical reviewer team and, if approved, will be added as a Topic in our Knowledgebase.
Bienvenido al portal de soporte
Puede encontrar ayuda de soporte en línea para el *producto* Quest en un sitio de soporte afiliado. Haga clic en Continuar para ser dirigido al contenido de soporte y a la asistencia adecuados para el *producto*.