Help
FortiSIEM Discussions
GidonT
New Contributor II

Created on ‎09-30-2024 01:25 AM

Pulling Data from a MS_SQL table into FortiSIEM

Hi Dear Community, 

 

I have a need to pull data from a MS_SQL DB from a specific Table with a specific query into FortiSIEM. 
I have read all documentation of "External Systems Configuration Guide"
https://docs.fortinet.com/document/fortisiem/7.0.2/external-systems-configuration-guide/723635/micro...


in the documentation above it doesn't seem like there is an option to pull specific data from a specific table but rather only auditing and monitoring of the DB. 

Does anyone have any suggestion or a guide on how to pull data from an MS_SQL DATABASE
DataBase name : X_DB
Table name: Y_Table


Labels:
1093
0 Kudos
7 REPLIES 7
soltantde2
New Contributor

Created on ‎09-30-2024 03:03 AM

I am not sure what you mean by extraction tool? Usually, you would have connectors to data sources which have a driver and usually, the most used one with SQL DBs is the ODBC Driver

router login 192.168.l.l
router login 192.168.l.l
1068
0 Kudos
GidonT
New Contributor II
In response to soltantde2

Created on ‎09-30-2024 04:03 AM

@soltantde2 i never mentioned any "extraction tool".

as mentioned in the question - 
I need to pull data from a specific table in a specific database in MS SQL SB. 
do you have any suggestions ? 

1055
0 Kudos
FSM_FTNT
Staff
Staff

Created on ‎09-30-2024 06:12 AM

Have a look at the documentation herehttps://help.fortinet.com/fsiem/7-2-3/Online-Help/HTML5_Help/Custom-JDBC-Performance-Monitor-for-a-C...

1010
0 Kudos
GidonT
New Contributor II
In response to FSM_FTNT

Created on ‎09-30-2024 06:40 AM

Thank you very much @FSM_FTNT !
I will try this solution and will update on the results

996
0 Kudos
GidonT
New Contributor II

Created on ‎10-15-2024 04:37 AM

Hi Community, 

After a long and tedious attempts to configure the FortiSIEM to communicate directly with the MS SQL DB (Creating New Events, Attributes, Credentials, Templates and much more) i was not successful and the lack of detailed documentation (other than Performance Monitoring for SQL DBs) wasn't helpful as-well. 
My solution was 
1. Crating a PowerShell script (which uses "Invoke-SqlCmd") to pull the data directly from the MS SQL DB with the specific query (using a Managed Service Account for extra security).
2. Dumping the query results into a file on the machine after some manipulation to add only the new entries from the SQL Table. 
3. Installing a FortiSIEM agent on the machine and configuring the dumped query results as a user defined custom log file. 

The use of PS and log file was MUCH easier than trying to configure all the different FortiSIEM elements required for this to work properly.  

819
0 Kudos
adem_netsys
Contributor
In response to GidonT

Created on ‎10-15-2024 04:42 AM

Hi @GidonT 

 

Which Siem version are you using? In my experience, you will need to have version 7.2.2 and above to use the JDBC connection properly. If you have this, you can share at which point you are getting errors.

807
0 Kudos
GidonT
New Contributor II
In response to adem_netsys

Created on ‎10-15-2024 04:46 AM

Hi @adem_netsys .

I am using an earlier version of FortiSIEM. 
but thank you anyway for your response. 

 

801
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.