Managed Database Security Events - List By Database

Service:: SQL Database

API Version:: 2025-01-01

Gets a list of security events.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?api-version=2025-01-01

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/securityEvents?api-version=2025-01-01&$filter={$filter}&$skip={$skip}&$top={$top}&$skiptoken={$skiptoken}

URI Parameters

Name	In	Required	Type	Description
databaseName	path	True	string	The name of the database.
managedInstanceName	path	True	string	The name of the managed instance.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.
$filter	query		string	An OData filter expression that filters elements in the collection.
$skip	query		integer (int64)	The number of elements in the collection to skip.
$skiptoken	query		string	An opaque token that identifies a starting point in the collection.
$top	query		integer (int64)	The number of elements to return from the collection.

Responses

Name	Type	Description
200 OK	SecurityEventCollection	Azure operation completed successfully.
Other Status Codes	ErrorResponse	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Get the managed database's security events with maximal parameters

Get the managed database's security events with minimal parameters

Get the managed database's security events with maximal parameters

Sample request

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?api-version=2025-01-01&$filter=ShowServerRecords eq true&$skip=0&$top=1&$skiptoken=eyJCbG9iTmFtZURhdGVUaW1lIjoiXC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbG92ZXJJbmRleCI6IjAiLCJFbmREYXRlIjoiXC9EYXRlKDE1MTI0NjYyMDA1MjkpXC8iLCJJc1NraXBUb2tlblNldCI6ZmFsc2UsIklzVjJCbG9iVGltZUZvcm1hdCI6dHJ1ZSwiU2hvd1NlcnZlclJlY29yZHMiOmZhbHNlLCJTa2lwVmFsdWUiOjAsIlRha2VWYWx1ZSI6MTB9

Sample response

Status code:: 200

{
  "nextLink": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?$skipToken=C9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sbC9EYXRlKDE1MTIyODg4MTIwMTArMDIwMClcLyIsIkJsb2JOYW1lUm9sb&api-version=2017-10-01-preview",
  "value": [
    {
      "name": "06364798761800000000000000001",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
      "properties": {
        "applicationName": "myApp",
        "clientIp": "10.166.113.220",
        "database": "database1",
        "eventTime": "2017-12-24T10:13:24.729Z",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "errorCode": 0,
          "errorMessage": "",
          "errorSeverity": 0,
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
          "statementHighlightLength": 13,
          "statementHighlightOffset": 52,
          "threatId": "1"
        },
        "securityEventType": "SqlInjectionExploit",
        "server": "testcl",
        "subscription": "00000000-1111-2222-3333-444444444444"
      }
    }
  ]
}

Get the managed database's security events with minimal parameters

Sample request

HTTP

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents?api-version=2025-01-01

Sample response

Status code:: 200

{
  "value": [
    {
      "name": "06364798761800000000000000001",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000001",
      "properties": {
        "applicationName": "myApp",
        "clientIp": "10.166.113.220",
        "database": "database1",
        "eventTime": "2017-12-24T10:13:24.729Z",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "errorCode": 0,
          "errorMessage": "",
          "errorSeverity": 0,
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test11'",
          "statementHighlightLength": 13,
          "statementHighlightOffset": 52,
          "threatId": "1"
        },
        "securityEventType": "SqlInjectionExploit",
        "server": "testcl",
        "subscription": "00000000-1111-2222-3333-444444444444"
      }
    },
    {
      "name": "06364798761800000000000000002",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000002",
      "properties": {
        "applicationName": "myApp",
        "clientIp": "10.166.113.220",
        "database": "database1",
        "eventTime": "2017-12-24T10:11:14.121Z",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "errorCode": 0,
          "errorMessage": "",
          "errorSeverity": 0,
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test10'",
          "statementHighlightLength": 13,
          "statementHighlightOffset": 52,
          "threatId": "1"
        },
        "securityEventType": "SqlInjectionExploit",
        "server": "testcl",
        "subscription": "00000000-1111-2222-3333-444444444444"
      }
    },
    {
      "name": "06364798761800000000000000003",
      "type": "Microsoft.Sql/servers/databases/securityEvents",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.Sql/managedInstances/testcl/databases/database1/securityEvents/06364798761800000000000000003",
      "properties": {
        "applicationName": "myApp",
        "clientIp": "10.166.113.220",
        "database": "database1",
        "eventTime": "2017-12-24T10:03:17.066Z",
        "principalName": "maliciousUser",
        "securityEventSqlInjectionAdditionalProperties": {
          "errorCode": 0,
          "errorMessage": "",
          "errorSeverity": 0,
          "statement": "select * from sys.databases where database_id like '' or 1 = 1 --' and family = 'test9'",
          "statementHighlightLength": 13,
          "statementHighlightOffset": 52,
          "threatId": "1"
        },
        "securityEventType": "SqlInjectionExploit",
        "server": "testcl",
        "subscription": "00000000-1111-2222-3333-444444444444"
      }
    }
  ]
}

Definitions

Name	Description
createdByType	The type of identity that created the resource.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
SecurityEvent	A security event.
SecurityEventCollection	A list of security events.
SecurityEventSqlInjectionAdditionalProperties	The properties of a security event sql injection additional properties.
SecurityEventType	The type of the security event.
systemData	Metadata pertaining to creation and last modification of the resource.

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

ErrorAdditionalInfo

Object

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

Object

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Object

Error response

Name	Type	Description
error	ErrorDetail	The error object.

SecurityEvent

Object

A security event.

Name	Type	Description
id	string (arm-id)	Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name	string	The name of the resource
properties.applicationName	string	The application used to execute the statement.
properties.clientIp	string	The IP address of the client who executed the statement.
properties.database	string	The database name
properties.eventTime	string (date-time)	The time when the security event occurred.
properties.principalName	string	The principal user who executed the statement
properties.securityEventSqlInjectionAdditionalProperties	SecurityEventSqlInjectionAdditionalProperties	The sql injection additional properties, populated only if the type of the security event is sql injection.
properties.securityEventType	SecurityEventType	The type of the security event.
properties.server	string	The server name
properties.subscription	string	The subscription name
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

SecurityEventCollection

Object

A list of security events.

Name	Type	Description
nextLink	string (uri)	The link to the next page of items
value	SecurityEvent[]	The SecurityEvent items on this page

SecurityEventSqlInjectionAdditionalProperties

Object

The properties of a security event sql injection additional properties.

Name	Type	Description
errorCode	integer (int32)	The sql error code
errorMessage	string	The sql error message
errorSeverity	integer (int32)	The sql error severity
statement	string	The statement
statementHighlightLength	integer (int32)	The statement highlight length
statementHighlightOffset	integer (int32)	The statement highlight offset
threatId	string	The threat ID.

SecurityEventType

Enumeration

The type of the security event.

Value	Description
Undefined	Undefined
SqlInjectionVulnerability	SqlInjectionVulnerability
SqlInjectionExploit	SqlInjectionExploit

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.