Managed Database Security Events - List By Database

Service:

SQL Database

API Version:

2021-11-01

Gets a list of security events.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?api-version=2021-11-01

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?$filter={$filter}&$skip={$skip}&$top={$top}&$skiptoken={$skiptoken}&api-version=2021-11-01

URI Parameters

Name	In	Required	Type	Description
databaseName	path	True	string	The name of the managed database for which the security events are retrieved.
managedInstanceName	path	True	string	The name of the managed instance.
resourceGroupName	path	True	string	The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
subscriptionId	path	True	string	The subscription ID that identifies an Azure subscription.
api-version	query	True	string	The API version to use for the request.
$filter	query		string	An OData filter expression that filters elements in the collection.
$skip	query		integer int64	The number of elements in the collection to skip.
$skiptoken	query		string	An opaque token that identifies a starting point in the collection.
$top	query		integer int64	The number of elements to return from the collection.

Responses

Name	Type	Description
200 OK	SecurityEventCollection	Successfully retrieved the list of security events.
Other Status Codes		*** Error Responses: *** 404 SourceDatabaseNotFound - The source database does not exist. 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance. 404 SubscriptionDoesNotHaveServer - The requested server was not found 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.

Examples

Get the managed database's security events with maximal parameters

Get the managed database's security events with minimal parameters

Get the managed database's security events with maximal parameters

Sample request

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$filter=ShowServerRecords eq true&$skip=0&$top=1&$skiptoken=eyJCbG9iTmFtZURhdGVUaW1lIjoiXC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbG92ZXJJbmRleCI6IjAiLCJFbmREYXRlIjoiXC9EYXRlKDE1MTI0NjYyMDA1MjkpXC8iLCJJc1NraXBUb2tlblNldCI6ZmFsc2UsIklzVjJCbG9iVGltZUZvcm1hdCI6dHJ1ZSwiU2hvd1NlcnZlclJlY29yZHMiOmZhbHNlLCJTa2lwVmFsdWUiOjAsIlRha2VWYWx1ZSI6MTB9&api-version=2021-11-01

Java

/**
 * Samples for ManagedDatabaseSecurityEvents ListByDatabase.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/sql/resource-manager/Microsoft.Sql/stable/2021-11-01/examples/ManagedDatabaseSecurityEventsGetMax.
     * json
     */
    /**
     * Sample code: Get the managed database's security events with maximal parameters.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getTheManagedDatabaseSSecurityEventsWithMaximalParameters(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure.sqlServers().manager().serviceClient().getManagedDatabaseSecurityEvents().listByDatabase("testrg",
            "testcl", "database1", "ShowServerRecords eq true", 0L, 1L,
            "eyJCbG9iTmFtZURhdGVUaW1lIjoiXC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbG92ZXJJbmRleCI6IjAiLCJFbmREYXRlIjoiXC9EYXRlKDE1MTI0NjYyMDA1MjkpXC8iLCJJc1NraXBUb2tlblNldCI6ZmFsc2UsIklzVjJCbG9iVGltZUZvcm1hdCI6dHJ1ZSwiU2hvd1NlcnZlclJlY29yZHMiOmZhbHNlLCJTa2lwVmFsdWUiOjAsIlRha2VWYWx1ZSI6MTB9",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "nextLink": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$skipToken=C9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sb&api-version=2017-10-01-preview",
  "value": [
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
      "name": "06364798761800000000000000001",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "properties": {
        "eventTime": "2017-12-24T10:13:24.729Z",
        "securityEventType": "SqlInjectionExploit",
        "subscription": "00000000-1111-2222-3333-444444444444",
        "server": "testcl",
        "database": "database1",
        "clientIp": "10.166.113.220",
        "applicationName": "myApp",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "threatId": "1",
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
          "statementHighlightOffset": 52,
          "statementHighlightLength": 13,
          "errorCode": 0,
          "errorSeverity": 0,
          "errorMessage": ""
        }
      }
    }
  ]
}

Get the managed database's security events with minimal parameters

Sample request

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?api-version=2021-11-01

Java

/**
 * Samples for ManagedDatabaseSecurityEvents ListByDatabase.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/sql/resource-manager/Microsoft.Sql/stable/2021-11-01/examples/ManagedDatabaseSecurityEventsGetMin.
     * json
     */
    /**
     * Sample code: Get the managed database's security events with minimal parameters.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getTheManagedDatabaseSSecurityEventsWithMinimalParameters(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure.sqlServers().manager().serviceClient().getManagedDatabaseSecurityEvents().listByDatabase("testrg",
            "testcl", "database1", null, null, null, null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "value": [
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
      "name": "06364798761800000000000000001",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "properties": {
        "eventTime": "2017-12-24T10:13:24.729Z",
        "securityEventType": "SqlInjectionExploit",
        "subscription": "00000000-1111-2222-3333-444444444444",
        "server": "testcl",
        "database": "database1",
        "clientIp": "10.166.113.220",
        "applicationName": "myApp",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "threatId": "1",
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
          "statementHighlightOffset": 52,
          "statementHighlightLength": 13,
          "errorCode": 0,
          "errorSeverity": 0,
          "errorMessage": ""
        }
      }
    },
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000002",
      "name": "06364798761800000000000000002",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "properties": {
        "eventTime": "2017-12-24T10:11:14.121Z",
        "securityEventType": "SqlInjectionExploit",
        "subscription": "00000000-1111-2222-3333-444444444444",
        "server": "testcl",
        "database": "database1",
        "clientIp": "10.166.113.220",
        "applicationName": "myApp",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "threatId": "1",
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test10'",
          "statementHighlightOffset": 52,
          "statementHighlightLength": 13,
          "errorCode": 0,
          "errorSeverity": 0,
          "errorMessage": ""
        }
      }
    },
    {
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000003",
      "name": "06364798761800000000000000003",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "properties": {
        "eventTime": "2017-12-24T10:03:17.066Z",
        "securityEventType": "SqlInjectionExploit",
        "subscription": "00000000-1111-2222-3333-444444444444",
        "server": "testcl",
        "database": "database1",
        "clientIp": "10.166.113.220",
        "applicationName": "myApp",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "threatId": "1",
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test9'",
          "statementHighlightOffset": 52,
          "statementHighlightLength": 13,
          "errorCode": 0,
          "errorSeverity": 0,
          "errorMessage": ""
        }
      }
    }
  ]
}

Definitions

Name	Description
SecurityEvent	A security event.
SecurityEventCollection	A list of security events.
SecurityEventSqlInjectionAdditionalProperties	The properties of a security event sql injection additional properties.
SecurityEventType	The type of the security event.

SecurityEvent

A security event.

Name	Type	Description
id	string	Resource ID.
name	string	Resource name.
properties.applicationName	string	The application used to execute the statement.
properties.clientIp	string	The IP address of the client who executed the statement.
properties.database	string	The database name
properties.eventTime	string	The time when the security event occurred.
properties.principalName	string	The principal user who executed the statement
properties.securityEventSqlInjectionAdditionalProperties	SecurityEventSqlInjectionAdditionalProperties	The sql injection additional properties, populated only if the type of the security event is sql injection.
properties.securityEventType	SecurityEventType	The type of the security event.
properties.server	string	The server name
properties.subscription	string	The subscription name
type	string	Resource type.

SecurityEventCollection

A list of security events.

Name	Type	Description
nextLink	string	Link to retrieve next page of results.
value	SecurityEvent[]	Array of results.

SecurityEventSqlInjectionAdditionalProperties

The properties of a security event sql injection additional properties.

Name	Type	Description
errorCode	integer	The sql error code
errorMessage	string	The sql error message
errorSeverity	integer	The sql error severity
statement	string	The statement
statementHighlightLength	integer	The statement highlight length
statementHighlightOffset	integer	The statement highlight offset
threatId	string	The threat ID.

SecurityEventType

The type of the security event.

Name	Type	Description
SqlInjectionExploit	string
SqlInjectionVulnerability	string
Undefined	string