你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Managed Database Security Events - List By Database
获取安全事件的列表。
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?api-version=2021-11-01GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?$filter={$filter}&$skip={$skip}&$top={$top}&$skiptoken={$skiptoken}&api-version=2021-11-01URI 参数
| 名称 | 在 | 必需 | 类型 | 说明 |
|---|---|---|---|---|
|
database
|
path | True |
string |
要为其检索安全事件的托管数据库的名称。 |
|
managed
|
path | True |
string |
托管实例的名称。 |
|
resource
|
path | True |
string |
包含该资源的资源组名称。 可以从 Azure 资源管理器 API 或门户获取此值。 |
|
subscription
|
path | True |
string |
用于标识 Azure 订阅的订阅 ID。 |
|
api-version
|
query | True |
string |
要用于请求的 API 版本。 |
|
$filter
|
query |
string |
筛选集合中的元素的 OData 筛选器表达式。 |
|
|
$skip
|
query |
integer int64 |
集合中要跳过的元素数。 |
|
|
$skiptoken
|
query |
string |
标识集合中起点的不透明标记。 |
|
|
$top
|
query |
integer int64 |
要从集合返回的元素数。 |
响应
| 名称 | 类型 | 说明 |
|---|---|---|
| 200 OK |
已成功检索安全事件列表。 |
|
| Other Status Codes |
错误响应:***
|
示例
| Get the managed database's security events with maximal parameters |
| Get the managed database's security events with minimal parameters |
Get the managed database's security events with maximal parameters
Sample Request
GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$filter=ShowServerRecords eq true&$skip=0&$top=1&$skiptoken=eyJCbG9iTmFtZURhdGVUaW1lIjoiXC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbG92ZXJJbmRleCI6IjAiLCJFbmREYXRlIjoiXC9EYXRlKDE1MTI0NjYyMDA1MjkpXC8iLCJJc1NraXBUb2tlblNldCI6ZmFsc2UsIklzVjJCbG9iVGltZUZvcm1hdCI6dHJ1ZSwiU2hvd1NlcnZlclJlY29yZHMiOmZhbHNlLCJTa2lwVmFsdWUiOjAsIlRha2VWYWx1ZSI6MTB9&api-version=2021-11-01
Sample Response
{
"nextLink": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$skipToken=C9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sb&api-version=2017-10-01-preview",
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
"name": "06364798761800000000000000001",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:13:24.729Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
}
]
}Get the managed database's security events with minimal parameters
Sample Request
Sample Response
{
"value": [
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
"name": "06364798761800000000000000001",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:13:24.729Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000002",
"name": "06364798761800000000000000002",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:11:14.121Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test10'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
},
{
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000003",
"name": "06364798761800000000000000003",
"type": "Microsoft.Sql/servers/databases/securityEvents",
"properties": {
"eventTime": "2017-12-24T10:03:17.066Z",
"securityEventType": "SqlInjectionExploit",
"subscription": "00000000-1111-2222-3333-444444444444",
"server": "testcl",
"database": "database1",
"clientIp": "10.166.113.220",
"applicationName": "myApp",
"principalName": "maliciousUser",
"securityEventSqlInjectionAdditionalProperties": {
"threatId": "1",
"statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test9'",
"statementHighlightOffset": 52,
"statementHighlightLength": 13,
"errorCode": 0,
"errorSeverity": 0,
"errorMessage": ""
}
}
}
]
}定义
| 名称 | 说明 |
|---|---|
|
Security |
安全事件。 |
|
Security |
安全事件列表。 |
|
Security |
安全事件 sql 注入附加属性的属性。 |
|
Security |
安全事件的类型。 |
SecurityEvent
安全事件。
| 名称 | 类型 | 说明 |
|---|---|---|
| id |
string |
资源 ID。 |
| name |
string |
资源名称。 |
| properties.applicationName |
string |
用于执行 语句的应用程序。 |
| properties.clientIp |
string |
执行语句的客户端的 IP 地址。 |
| properties.database |
string |
数据库名称 |
| properties.eventTime |
string |
发生安全事件的时间。 |
| properties.principalName |
string |
执行语句的主体用户 |
| properties.securityEventSqlInjectionAdditionalProperties |
仅当安全事件的类型为 sql 注入时,才会填充 sql 注入附加属性。 |
|
| properties.securityEventType |
安全事件的类型。 |
|
| properties.server |
string |
服务器名称 |
| properties.subscription |
string |
订阅名称 |
| type |
string |
资源类型。 |
SecurityEventCollection
安全事件列表。
| 名称 | 类型 | 说明 |
|---|---|---|
| nextLink |
string |
用于检索下一页结果的链接。 |
| value |
结果数组。 |
SecurityEventSqlInjectionAdditionalProperties
安全事件 sql 注入附加属性的属性。
| 名称 | 类型 | 说明 |
|---|---|---|
| errorCode |
integer |
sql 错误代码 |
| errorMessage |
string |
sql 错误消息 |
| errorSeverity |
integer |
sql 错误严重性 |
| statement |
string |
语句 |
| statementHighlightLength |
integer |
语句突出显示长度 |
| statementHighlightOffset |
integer |
语句突出显示偏移量 |
| threatId |
string |
威胁 ID。 |
SecurityEventType
安全事件的类型。
| 名称 | 类型 | 说明 |
|---|---|---|
| SqlInjectionExploit |
string |
|
| SqlInjectionVulnerability |
string |
|
| Undefined |
string |