MSSQL
Integration version: 12.0
Use Kerberos Authentication
Configure Microsoft SQL Server to work with Google Security Operations SOAR
Add your domain DNS servers to the /etc/resolv.conf file:
# vi /etc/resolv.conf
Install the krb5 package for CentOS 7:
# yum install krb5-workstation
Open the /etc/krb5.conf file and add your domain as default_realm in uppercase:
# vi /etc/krb5.conf
Test the connection with AD. Use a user that has access to the Microsoft SQL Server database:
# kinit sql_user
Enter your user password, then show the obtained ticket:
# klist
Optional: Remove the Kerberos ticket: # kdestroy -A
Optional steps to install Microsoft SQL Server tools for debugging
Add the Microsoft repository:
# curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/msprod.repo
Install Microsoft SQL Server tools:
# yum install mssql-tools unixODBC-devel
Binaries are installed in the following directory: /opt/mssql-tools/bin.
Test the connection to the Microsoft SQL Server instance:
# kinit sql_user
Run the following command:
/opt/mssql-tools/bin/sqlcmd -S sqlserver.yourdomain.com -E
Configure Microsoft SQL Server to work with Google Security Operations SOAR using Docker
Run a shell in a docker container:
docker exec -it siemplify /bin/bash
Add your domain DNS servers to the /etc/resolv.conf file:
# vi /etc/resolv.conf
Install the krb5 package for CentOS 7:
# yum install krb5-workstation
Open the /etc/krb5.conf file and add your domain as default_realm in uppercase:
# vi /etc/krb5.conf
Obtain a Kerberos ticket. Use a user that has access to the Microsoft SQL Server database:
# kinit sql_user
Enter your user password, then show the obtained ticket:
# klist
Optional: Remove the Kerberos ticket: # kdestroy -A
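The Kerberos client setup in both procedures above (host and Docker container) depends on two edited files: /etc/resolv.conf must list your domain DNS servers, and default_realm in /etc/krb5.conf must be uppercase because Kerberos realm names are case-sensitive. The following pre-flight check is an added example, not part of the integration or of the original documentation; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two files edited in the steps above.
# Function names and sample files are hypothetical, constructed for illustration.

# Print default_realm from the [libdefaults] section of a krb5.conf file.
krb5_default_realm() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Return 0 if the realm is set and uppercase, 1 if it contains lowercase
# letters, 2 if no default_realm is set.
check_default_realm() {
    realm=$(krb5_default_realm "$1")
    [ -n "$realm" ] || return 2
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || return 1
    return 0
}

# Count nameserver entries in a resolv.conf file.
count_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Constructed sample files (example.com and 192.0.2.0/24 are documentation values).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '# default_realm = old.example' '[libdefaults]' \
    '    default_realm = EXAMPLE.COM' '    dns_lookup_kdc = true' > "$SAMPLE_DIR/krb5.good"
printf '%s\n' '[libdefaults]' '    default_realm = example.com' > "$SAMPLE_DIR/krb5.bad"
printf '%s\n' 'search example.com' 'nameserver 192.0.2.53' \
    'nameserver 192.0.2.54' > "$SAMPLE_DIR/resolv.conf"

for f in krb5.good krb5.bad; do
    if check_default_realm "$SAMPLE_DIR/$f"; then
        echo "$f: default_realm $(krb5_default_realm "$SAMPLE_DIR/$f") is uppercase"
    else
        echo "$f: default_realm is missing or not uppercase"
    fi
done
echo "resolv.conf: $(count_nameservers "$SAMPLE_DIR/resolv.conf") nameserver entries"
```

On a real host, pass /etc/krb5.conf and /etc/resolv.conf to these functions before running kinit.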
Configure MSSQL integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the instance you intend to configure the integration for. |
Description | String | N/A | No | Description of the Instance. |
Server Address | String | sqlserver.yourdomain.com | Yes | Address of the Microsoft SQL Server instance. |
Username | String | N/A | Yes | Username for the Microsoft SQL Server instance. |
Password | Password | N/A | Yes | Password of the corresponding user. |
Windows Authentication | Checkbox | Unchecked | No | Use this checkbox to authenticate with Windows. |
Use Kerberos Authentication | Checkbox | Unchecked | No | |
Kerberos Realm | String | N/A | No | Kerberos Realm |
Kerberos Username | String | N/A | No | Kerberos Username |
Kerberos Password | Password | N/A | No | Kerberos Password |
Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Verify SSL | Checkbox | Checked | Yes | If enabled, verify that the SSL certificate for the connection to the Microsoft SQL Server is valid. |
The "Verify SSL" checkbox is applicable only for the ODBC driver version 18. If prior driver versions are installed on the Google Security Operations SOAR server host, this setting is ignored.
Actions
Ping
Description
Test connectivity to the SQL Server.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Database Name | String | N/A | Yes | siemplify_integrations_db |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
Run SQL Query
Description
Run an SQL query.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
Database Name | String | N/A | Yes | The DB name to run the query on. |
Query | String | N/A | Yes | The query to run. Default: SELECT * FROM <> |
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_blocked | True/False | is_blocked:False |
JSON Result
[
    {
        "Name": "Actions Monitor Siemplify System",
        "Creator": "System",
        "Integration": "Siemplify",
        "VersionId": "AAAAAAAAAAAA",
        "ModificationTimenixTimeInMs": 1558278307098,
        "Description": "Notifies of all the actions, that have individually failed at least 3 times, in the last 3 hours"
    },{
        "Name": "Jobs Monitor Siemplify System",
        "Creator": "System",
        "Integration": "Siemplify",
        "VersionId": "ZZZZZZZZZZZZZ",
        "ModificationTimenixTimeInMs": 1558278307098,
        "Description": "Notifies of all the jobs, that have individually failed at least 3 times, in the last 3 hours"
    }
]