Thread: Direct Queries using Database Connector

  1. #1
    apinzon NNTP User

    Direct Queries using Database Connector


    Good afternoon, I need to correlate the AD account creation with the
    existence of one request stored in a MySQL database. If the request does
    not exist, the AD account should not be created, or if it is already
    created, the correlation action should be to delete that account. I have
    one Windows Connector using WMI connected to the DC, and one database
    connector connected successfully to the MySQL database. The question is:
    how could I make the query without creating a stored procedure in
    the database? I know there is an option that allows direct queries to
    the database, but I have not been able to find what the steps are,
    preferably with clear examples. Could you please help me by showing me
    these instructions? Thank you in advance.


    --
    apinzon
    ------------------------------------------------------------------------
    apinzon's Profile: http://forums.novell.com/member.php?userid=101459
    View this thread: http://forums.novell.com/showthread.php?t=431864


  2. #2
    DCorlette NNTP User

    Re: Direct Queries using Database Connector


    Hi apinzon,
    Ok, well so I would approach this as follows:
    1) Write a "Account Creation Requests" Collector that collects creation
    request events from the DB using the Database Connector. To do this with
    the SDK, you need to define your query in the template's 'sqlquery.base'
    file, but you also need to define an "offset parser" and also supply a
    replacement parameter in the query for the offset. As long as you have a
    linearly increasing field in the DB, that's pretty easy - time's usually
    good, although if you could ever get more than one event in a single
    "timeslice" (e.g. a single second, if that's the resolution), then you
    might need to deal with suboffsets - let's only go there if we need to.

    2) Use the existing AD and Windows Collector to get the account
    creation events.

    3) Write a correlation rule that uses either a Dynamic List or a
    window() to store the DB requests and compare them to AD account create
    events. If no such request exists, then trigger your remediation.

    There's an example in sqlquery.base which has everything you should
    need, and IIRC there's an example of an offset parser as well - you just
    need to specify how to extract the offset from the returned record.


    --
    DCorlette
    ------------------------------------------------------------------------
    DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
    View this thread: http://forums.novell.com/showthread.php?t=431864


  3. #3
    apinzon NNTP User

    Re: Direct Queries using Database Connector


    Thank you very much David, I have a couple of questions:
    -In point 3 you say I can store DB requests in a Dynamic List. The
    question is how can I do that? I know how to create Dynamic Lists, but
    it's a manual creation; I do not know how to store DB requests there.
    -Where can I find the sqlquery.base example?
    -What is IIRC?
    Thank you in advance.

    Best regards.


    --
    apinzon
    ------------------------------------------------------------------------
    apinzon's Profile: http://forums.novell.com/member.php?userid=101459
    View this thread: http://forums.novell.com/showthread.php?t=431864


  4. #4
    DCorlette NNTP User

    Re: Direct Queries using Database Connector


    Hi apinzon,

    1) 'Novell Doc: Sentinel 6.1 Rapid Deployment User Guide - Dynamic
    Lists'
    (http://www.novell.com/documentation/...mic_lists.html)
    The correlation rule you write will need to pick out some piece of data
    from an event from your custom Collector, and put that piece of data on
    the dynamic list. That piece of data should match something else from
    the AD event. The DL is created manually in advance, then the rule will
    populate/depopulate the list.

    2) After you create a new Collector, one will be in the dev directory

    3) 'IIRC - Slang/Internet Slang'
    (http://www.acronymfinder.com/Slang/IIRC.html)


    --
    DCorlette
    ------------------------------------------------------------------------
    DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
    View this thread: http://forums.novell.com/showthread.php?t=431864
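
The offset polling from reply #2 and the list-based correlation from reply #4, as an added example that is not part of the thread and is not Sentinel SDK code or sqlquery.base syntax. It shows why a time-only offset can skip a request that shares a second with another one, and how that missed request turns into a wrongly flagged AD account. The table rows, event fields, function names and the case-insensitive name match are all assumptions made for illustration.

```javascript
// Constructed sample rows from a hypothetical "requests" table; ts is in seconds.
const requestRows = [
  { id: 1, ts: 1000, account: "jdoe" },
  { id: 2, ts: 1000, account: "asmith" }, // same second as id 1
  { id: 3, ts: 1001, account: "bwong" },
];
// Constructed AD account-creation events.
const adCreateEvents = [
  { account: "JDoe" }, { account: "asmith" }, { account: "svc-backup" },
];

// Return the next batch after `offset` plus the new offset. With useSuboffset
// the offset is (ts, id), so rows sharing a second are never skipped.
function poll(rows, offset, batchSize, useSuboffset) {
  const after = r => r.ts > offset.ts ||
    (useSuboffset && r.ts === offset.ts && r.id > offset.id);
  const batch = rows.filter(after)
    .sort((a, b) => a.ts - b.ts || a.id - b.id)
    .slice(0, batchSize);
  const last = batch[batch.length - 1];
  return { batch, offset: last ? { ts: last.ts, id: last.id } : offset };
}

// Drain the table in batches, as repeated collector polls would.
function collectAll(rows, batchSize, useSuboffset) {
  let offset = { ts: 0, id: 0 };
  const seen = [];
  for (;;) {
    const res = poll(rows, offset, batchSize, useSuboffset);
    if (res.batch.length === 0) return seen;
    seen.push(...res.batch);
    offset = res.offset;
  }
}

// Put each requested account on the list (names compared case-insensitively,
// an assumption). An AD creation with a match consumes its entry; one with no
// match is returned for remediation.
function findUnrequested(requests, creations) {
  const list = new Set(requests.map(r => r.account.toLowerCase()));
  return creations
    .filter(ev => !list.delete(ev.account.toLowerCase()))
    .map(ev => ev.account);
}

console.log(findUnrequested(collectAll(requestRows, 1, true), adCreateEvents));
console.log(findUnrequested(collectAll(requestRows, 1, false), adCreateEvents));
```

With the time-only offset the request for asmith is never collected, so a remediation that deletes unrequested accounts would remove a legitimately requested one.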

