Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Parsed Query and RAW Query

    Posted 10-08-2025 03:39
    Edited by Mohammad Musaib Rather 10-12-2025 05:39

    Hi Team,

    I need help with query information fetched by Imperva dam.

    I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

    e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

    In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA


    #DatabaseActivityMonitoring

    ------------------------------
    Mohammad Musaib Rather

    ------------------------------



  • 2.  RE: Parsed Query and RAW Query

    Posted 10-08-2025 10:12

    Hi Mohammad

    If you want to see the raw query, you need to enable the extended collection in the audit policy to remove the "?" and see the raw query

    And in the audit data, you will retrieve event data to the the raw query



    ------------------------------
    Alejandro Hernandez
    SICAP
    Professional Services Consultant and Principal Technical Trainer
    Mexico City
    ------------------------------



  • 3.  RE: Parsed Query and RAW Query

    Posted 10-09-2025 01:25
    Edited by Mohammad Musaib Rather 10-12-2025 05:39

    Hi Alejandro,

    Your response was helpful. Thank you.

    when i did retrieve data in audit logs i was able to see the correct query info, in my audit policy events under extended collection is enabled. I want to know about security policies is there any option same as this and when i view logs under violation how to view the query info there as it showing "?" there also.

    Your response is highly appreciated, TIA



    ------------------------------
    Mohammad Musaib Rather

    ------------------------------

    Original Message


  • 4.  RE: Parsed Query and RAW Query

    Posted 10-09-2025 14:07

    Hi Musaib,

    Under Alerts menu, you can view all alerts (which inturn consist of one or more violations) and when you click any alert, you will find Raw Query under Event Details field and Normalized Query under Additional Info field.

    Regards,



    ------------------------------
    SBISOC 4430
    Manager
    Mumbai
    ------------------------------

    Original Message


  • 5.  RE: Parsed Query and RAW Query

    Posted 10-12-2025 03:41
    Edited by Mohammad Musaib Rather 10-12-2025 05:38

    Thank you for your responses, this was really helpful



    ------------------------------
    Mohammad Musaib Rather

    ------------------------------

    Original Message


  • 6.  RE: Parsed Query and RAW Query

    Posted 10-14-2025 03:15

    Thank you Alejandro,

    Do we need to check the both options? I only have 1 enabled.



    ------------------------------
    Gabriel Danladi
    APPSEC
    Union Bank of Nigeria PLC
    Jos
    ------------------------------

    Original Message