通过SEPM控制台可以查询到网络和主机漏洞缓解（Network and Host Exploit Mitigation）的攻击日志（Attack Logs），设置如下：
但是直接在SEPM的数据库（SQL Server）中查询相应的网络和主机漏洞缓解攻击日志的SQL语句是怎么样的？
具体语句如下:
select TOP 20
ASLUNION.AGENT_SECURITY_LOG_IDX,
ASLUNION.LOCATION_NAME,
ASLUNION.TRAFFIC_DIRECTION,
ASLUNION.SEVERITY,
ASLUNION.NETWORK_PROTOCOL,
ASLUNION.ALERT,
ASLUNION.HOST_NAME,
ASLUNION.CURRENT_IP,
ASLUNION.LOCAL_HOST_IP_TEXT ,
ASLUNION.REMOTE_HOST_IP_TEXT,
ASLUNION.REPETITION,
ASLUNION.EVENT_ID,
ASLUNION.EVENT_TIME,
ASLUNION.USER_NAME,
ASLUNION.USN,
ASLUNION.DOMAIN_NAME,
ASLUNION.GROUP_NAME,
ASLUNION.COMPUTER_NAME,
ASLUNION.TIME_STAMP,
ASLUNION.OS_TYPE
from ( (select TOP 20 AGENT_SECURITY_LOG_IDX,LOCATION_NAME, TRAFFIC_DIRECTION, SEVERITY, NETWORK_PROTOCOL, ALERT, HOST_NAME, IP_ADDR1_TEXT
as CURRENT_IP, CASE WHEN LOCAL_HOST_IPV6 IS NOT NULL AND LEN(LTRIM(RTRIM(LOCAL_HOST_IPV6))) > 0 THEN substring(LOCAL_HOST_IPV6, 1, 4) + ':' + substring(LOCAL_HOST_IPV6, 5, 4) + ':' +
substring(LOCAL_HOST_IPV6, 9, 4) + ':' + substring(LOCAL_HOST_IPV6, 13, 4) + ':' + substring(LOCAL_HOST_IPV6, 17, 4) + ':' + substring(LOCAL_HOST_IPV6, 21, 4) + ':' + substring(LOCAL_HOST_IPV6, 25,
4) + ':' + substring(LOCAL_HOST_IPV6, 29, 4) ELSE CAST((CASE WHEN LOCAL_HOST_IP < 0 THEN 0xFFFFFFFF + LOCA