Managed Database Security Events - List By Database
Gets a list of security events.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?api-version=2023-08-01GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?$filter={$filter}&$skip={$skip}&$top={$top}&$skiptoken={$skiptoken}&api-version=2023-08-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
database
|
path | True |
string |
The name of the managed database for which the security events are retrieved. |
|
managed
|
path | True |
string |
The name of the managed instance. |
|
resource
|
path | True |
string |
The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal. |
|
subscription
|
path | True |
string |
The subscription ID that identifies an Azure subscription. |
|
api-version
|
query | True |
string |
The API version to use for the request. |
|
$filter
|
query |
string |
An OData filter expression that filters elements in the collection. |
|
|
$skip
|
query |
integer (int64) |
The number of elements in the collection to skip. |
|
|
$skiptoken
|
query |
string |
An opaque token that identifies a starting point in the collection. |
|
|
$top
|
query |
integer (int64) |
The number of elements to return from the collection. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Successfully retrieved the list of security events. |
|
| Other Status Codes |
*** Error Responses: ***
|
Examples
| Get the managed database's security events with maximal parameters |
| Get the managed database's security events with minimal parameters |
Get the managed database's security events with maximal parameters
Sample request
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$filter=ShowServerRecords eq true&$skip=0&$top=1&$skiptoken=eyJCbG9iTmFtZURhdGVUaW1lIjoiXC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbG92ZXJJbmRleCI6IjAiLCJFbmREYXRlIjoiXC9EYXRlKDE1MTI0NjYyMDA1MjkpXC8iLCJJc1NraXBUb2tlblNldCI6ZmFsc2UsIklzVjJCbG9iVGltZUZvcm1hdCI6dHJ1ZSwiU2hvd1NlcnZlclJlY29yZHMiOmZhbHNlLCJTa2lwVmFsdWUiOjAsIlRha2VWYWx1ZSI6MTB9&api-version=2023-08-01
Sample response
{
"nextLink": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$skipToken=C9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sb&api-version=2017-10-01-preview",
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
"name": "06364798761800000000000000001",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:13:24.729Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
}
]
}Get the managed database's security events with minimal parameters
Sample request
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?api-version=2023-08-01
Sample response
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
"name": "06364798761800000000000000001",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:13:24.729Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000002",
"name": "06364798761800000000000000002",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:11:14.121Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test10'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000003",
"name": "06364798761800000000000000003",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:03:17.066Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test9'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Security |
A security event. |
|
Security |
A list of security events. |
|
Security |
The properties of a security event sql injection additional properties. |
|
Security |
The type of the security event. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
SecurityEvent
A security event.
| Name | Type | Description |
|---|---|---|
| id |
string |
Resource ID. |
| name |
string |
Resource name. |
| properties.applicationName |
string |
The application used to execute the statement. |
| properties.clientIp |
string |
The IP address of the client who executed the statement. |
| properties.database |
string |
The database name |
| properties.eventTime |
string (date-time) |
The time when the security event occurred. |
| properties.principalName |
string |
The principal user who executed the statement |
| properties.securityEventSqlInjectionAdditionalProperties |
The sql injection additional properties, populated only if the type of the security event is sql injection. |
|
| properties.securityEventType |
The type of the security event. |
|
| properties.server |
string |
The server name |
| properties.subscription |
string |
The subscription name |
| type |
string |
Resource type. |
SecurityEventCollection
A list of security events.
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
Link to retrieve next page of results. |
| value |
Array of results. |
SecurityEventSqlInjectionAdditionalProperties
The properties of a security event sql injection additional properties.
| Name | Type | Description |
|---|---|---|
| errorCode |
integer (int32) |
The sql error code |
| errorMessage |
string |
The sql error message |
| errorSeverity |
integer (int32) |
The sql error severity |
| statement |
string |
The statement |
| statementHighlightLength |
integer (int32) |
The statement highlight length |
| statementHighlightOffset |
integer (int32) |
The statement highlight offset |
| threatId |
string |
The threat ID. |
SecurityEventType
The type of the security event.
| Value | Description |
|---|---|
| Undefined | |
| SqlInjectionVulnerability | |
| SqlInjectionExploit |