- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Set Up Microsoft SQL Collector
If you use Microsoft SQL Relational Database Management Systems (RDBMS), you can set up the Microsoft SQL collector to pull logs from your RDBM sources. The Microsoft SQL collector is a set of Site Collector flows, pre-built processors, groups, custom processors, other components, and integrations that pull logs in JSON format from your databases and push the logs to the Exabeam Security Operations Platform.
This collector supports the following Microsoft SQL database versions: Microsoft SQL 2016 SP3, 2017, 2019, and 2022.
To set up a Microsoft SQL collector:
Log in to the Exabeam Security Operations Platform with your registered credentials.
Navigate to Collectors > Site Collectors.
Ensure that Site Collector is installed and in running state.
On the Site Collector page, click the Collectors Library tab, then click Microsoft SQL.
In the Definition section, enter the required information as follows.
Collector Name – Specify a name for the Microsoft SQL collector.
Note
Ensure that you specify different names for Site Collector instance and the collector.
Site Collector Instance – Select the site collector instance for which you want to set up the Microsoft SQL collector.
MS SQL Hostname or IP – Enter the IP address of the Microsoft SQL database server from which you want the Microsoft SQL collector to pull logs.
Port – Enter the port number of your Microsoft SQL server.
Database – Enter the database name of the destination.
Enable SSL – Select to enable secure connection between the Microsoft SQL collector and your Microsoft SQL server.
Click Next.
In the Authentication section, enter the username and password of an existing database user of your MS SQL server, for establishing connection with the Microsoft SQL source.
Click Next.
In the Data section, enter the required information as follows.
Fetch Interval – Select the time interval within which you want the Microsoft SQL collector to pull logs. For example: 30 sec, 1 min, 2 min, 3 min, 4 min, or5 min.
Search Query – Enter the following details:
Iterator Column – Enter the value that will be used for incremental data pull. Ensure that the column value is unique, and is returned in the query result set.
Iterator column initial value – Enter the value for the initial data pull. Use the iterator column initial value to pull historical data.
Query – Enter the Microsoft SQL query to specify the type of data that you want the collector to pull.
For example: To fetch logs from the Microsoft SQL database, use the following query.
Select * FROM <table> tmp.id > 0
where id is an iterator column
The Iterator Column value must be returned as a uniquely named column in the dataset. If you use joins, use AS to specify a rename for the iterator. For example:
Select table1.id as iterator, table2.id, table2.value from table1 join table2 on table1.id = table2.fk where table2.value > 0
Query Preview – View the preview of the query that you enter.
For example:
SELECT * FROM (SELECT * FROM <table> ) WHERE id > 0
Click Setup.
The Microsoft SQL collector is set up and is ready to pull logs from your Microsoft SQL database.
After the Microsoft SQL collector is set up, Site Collector Core starts pulling logs periodically based on the query entered by the user and uploads logs to Exabeam Security Operations Platform. If the Microsoft SQL database is not available, Site Collector core resumes pulling logs from the place where it stopped.
Note
BLOB fields collection is not supported.
In case of installation failure, the collector is disabled, and the configuration is saved. You can check the status of the collector by accessing the user interface or by using the support package.