
Direct Queries using Database Connector


Good afternoon, I need to correlate the AD account creation with the
existence of one request stored in a MySQL database. If the request does
not exist, the AD account should not be created, or if it is already
created, the correlation action should be to delete that account. I have
one Windows Connector using WMI connected to the DC, and one database
connector connected successfully to the MySQL database. The question is
how could I make the query without the creation of a stored procedure in
the database? I know there is an option that allows the direct query to
the database, but I have not been able to find what the steps are,
preferably with clear examples. Could you please help me by showing me
these instructions? Thank you in advance.


--
apinzon
------------------------------------------------------------------------
apinzon's Profile: http://forums.novell.com/member.php?userid=101459
View this thread: http://forums.novell.com/showthread.php?t=431864


Re: Direct Queries using Database Connector


Hi apinzon,
Ok, well so I would approach this as follows:
1) Write an "Account Creation Requests" Collector that collects creation
request events from the DB using the Database Connector. To do this with
the SDK, you need to define your query in the template's 'sqlquery.base'
file, but you also need to define an "offset parser" and also supply a
replacement parameter in the query for the offset. As long as you have a
linearly increasing field in the DB, that's pretty easy - time's usually
good, although if you could ever get more than one event in a single
"timeslice" (e.g. a single second, if that's the resolution), then you
might need to deal with suboffsets - let's only go there if we need to.

2) Use the existing AD and Windows Collector to get the account
creation events.

3) Write a correlation rule that uses either a Dynamic List or a
window() to store the DB requests and compare them to AD account create
events. If no such request exists, then trigger your remediation.

There's an example in sqlquery.base which has everything you should
need, and IIRC there's an example of an offset parser as well - you just
need to specify how to extract the offset from the returned record.


--
DCorlette
------------------------------------------------------------------------
DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
View this thread: http://forums.novell.com/showthread.php?t=431864


Re: Direct Queries using Database Connector


Thank you very much David, I have a couple of questions:
- In point 3 you say I can store DB requests in a Dynamic List; the
question is, how can I do that? I know how to create Dynamic Lists, but
it's a manual creation; I do not know how to store DB requests there.
- Where can I find the sqlquery.base example?
- What is IIRC?
Thank you in advance.

Best regards.


--
apinzon
------------------------------------------------------------------------
apinzon's Profile: http://forums.novell.com/member.php?userid=101459
View this thread: http://forums.novell.com/showthread.php?t=431864


Re: Direct Queries using Database Connector


Hi apinzon,

1) 'Novell Doc: Sentinel 6.1 Rapid Deployment User Guide - Dynamic
Lists'
(http://www.novell.com/documentation/sentinel61rd/s61rd_user/data/dynamic_lists.html)
The correlation rule you write will need to pick out some piece of data
from an event from your custom Collector, and put that piece of data on
the dynamic list. That piece of data should match something else from
the AD event. The DL is created manually in advance, then the rule will
populate/depopulate the list.

2) After you create a new Collector, one will be in the dev directory.

3) 'IIRC - Slang/Internet Slang'
(http://www.acronymfinder.com/Slang/IIRC.html)


--
DCorlette
------------------------------------------------------------------------
DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
View this thread: http://forums.novell.com/showthread.php?t=431864
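
The offset-based polling and the populate/depopulate list logic described in the replies above, as an added example that is not part of the original posts and is not Sentinel SDK code or `sqlquery.base` syntax. It assumes a hypothetical `account_requests` table with `id`, `username` and `created_at` columns, uses `sqlite3` as a stand-in for MySQL, and uses a Python set in place of the Dynamic List; all rows and account names are constructed.

```python
import sqlite3

def fetch_new_requests(conn, offset, batch=2):
    """Return (rows, new_offset) for requests newer than offset.

    offset is (created_at, id): the timestamp is the offset and id is the
    suboffset that breaks ties when rows share one timeslice. A plain
    "created_at > ?" would skip rows when a batch ends inside a tie.
    """
    ts, last_id = offset
    rows = conn.execute(
        "SELECT id, username, created_at FROM account_requests "
        "WHERE created_at > ? OR (created_at = ? AND id > ?) "
        "ORDER BY created_at, id LIMIT ?",
        (ts, ts, last_id, batch),  # bound parameters, no string building
    ).fetchall()
    if rows:
        offset = (rows[-1][2], rows[-1][0])  # parse offset from last record
    return rows, offset

def correlate(requested, ad_created):
    """Return created AD accounts that have no matching request."""
    pending = set(requested)        # plays the role of the Dynamic List
    unmatched = []
    for account in ad_created:
        key = account.lower()       # AD account names are case-insensitive
        if key in pending:
            pending.discard(key)    # depopulate: one request, one account
        else:
            unmatched.append(account)  # candidate for remediation
    return unmatched

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account_requests "
                 "(id INTEGER PRIMARY KEY, username TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO account_requests VALUES (?, ?, ?)", [
        (1, "alice", "2011-02-01 10:00:00"),   # constructed sample rows
        (2, "bob",   "2011-02-01 10:00:05"),   # three rows in one second
        (3, "carol", "2011-02-01 10:00:05"),
        (4, "dave",  "2011-02-01 10:00:05"),
    ])
    offset, requested = ("", 0), set()
    while True:                     # poll until the table is drained
        rows, offset = fetch_new_requests(conn, offset)
        if not rows:
            break
        requested.update(r[1].lower() for r in rows)
    # Constructed AD account-creation events: "mallory" has no request.
    return requested, correlate(requested, ["Alice", "mallory", "dave"])

if __name__ == "__main__":
    print(demo())
```

A request has to reach the list before the matching AD event is evaluated, so the polling interval of the request collector bounds how early a legitimate account can be created without being flagged.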
