Is there a SQL query that can be run against the CA database to determine if it has a SIEM configuration enabled? We have a large environment with many CA installations, so a direct SQL query would be much faster and easier than inspecting each installation individually.
Cause
Quest Support does not support the direct querying of the SQL database.
Resolution
Workaround
You can try the following query against each SQL database:
SELECT TOP (1000) [GroupID],[Data] FROM [MyChangeAuditor].[Configuration].[WebHookStatus]
You will have to replace [MyChangeAuditor] with the name of your CA database(s).
Each row represents a different subscription that is set up in CA (SIEM and Threat Detection).
The [GroupID] represents the GUID of the subscription itself. You can verify this by comparing it with the data on the Event Subscriptions page: if you expand the subscription, the Webhook Subscription ID should correlate to the entry.
The data in the [Data] field is the XML configuration that is used. The "<Enabled>0</Enabled>" or "<Enabled>1</Enabled>" line in the XML denotes whether the subscription is active.
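The following is an added example, not a query supplied by Quest: it goes beyond the single-database query above and runs the same read-only check against every user database on a SQL Server instance that contains a [Configuration].[WebHookStatus] table, reporting each subscription as Enabled or Disabled. The temp table and column names (#SubscriptionState, SubscriptionState) are hypothetical, and it assumes [Data] is xml or a string type that converts to nvarchar(max).

```sql
-- Added example: read-only report of subscription state per CA database.
-- Assumption: [Data] is xml or a string type convertible to nvarchar(max).
SET NOCOUNT ON;

CREATE TABLE #SubscriptionState (
    DatabaseName      sysname      NOT NULL,
    GroupID           nvarchar(64) NULL,
    SubscriptionState varchar(8)   NOT NULL
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = N'ONLINE' AND database_id > 4;  -- skip system databases

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Only query databases that actually contain the table.
    IF OBJECT_ID(QUOTENAME(@db) + N'.[Configuration].[WebHookStatus]', N'U') IS NOT NULL
    BEGIN
        -- The database name is quoted with QUOTENAME and passed as a parameter.
        SET @sql = N'
            INSERT INTO #SubscriptionState (DatabaseName, GroupID, SubscriptionState)
            SELECT @dbname, CONVERT(nvarchar(64), [GroupID]),
                   CASE
                       WHEN CONVERT(nvarchar(max), [Data]) LIKE N''%<Enabled>1</Enabled>%'' THEN ''Enabled''
                       WHEN CONVERT(nvarchar(max), [Data]) LIKE N''%<Enabled>0</Enabled>%'' THEN ''Disabled''
                       ELSE ''Unknown''
                   END
            FROM ' + QUOTENAME(@db) + N'.[Configuration].[WebHookStatus];';
        EXEC sys.sp_executesql @sql, N'@dbname sysname', @dbname = @db;
    END;
    FETCH NEXT FROM db_cursor INTO @db;
END;

CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT DatabaseName, GroupID, SubscriptionState
FROM #SubscriptionState
ORDER BY DatabaseName, GroupID;

DROP TABLE #SubscriptionState;
```

Rows reported as Unknown have a [Data] value that contains neither of the two Enabled strings and should be inspected manually.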