Imperva Cyber Community

Hi Team,

I need help with query information fetched by Imperva dam.

I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA

Hi Mohammad

If you want to see the raw query, you need to enable the extended collection in the audit policy to remove the "?" and see the raw query

And in the audit data, you will retrieve event data to the the raw query

------------------------------
Alejandro Hernandez
SICAP
Professional Services Consultant and Principal Technical Trainer
Mexico City

Original Message:
Sent: 10-08-2025 03:39
From: Mohammad Musaib Rather
Subject: Parsed Query and RAW Query

Hi Team,

I need help with query information fetched by Imperva dam.

I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA

#DatabaseActivityMonitoring

------------------------------
Mohammad Musaib Rather

------------------------------

Hi Alejandro,

Your response was helpful. Thank you.

when i did retrieve data in audit logs i was able to see the correct query info, in my audit policy events under extended collection is enabled. I want to know about security policies is there any option same as this and when i view logs under violation how to view the query info there as it showing "?" there also.

Your response is highly appreciated, TIA

Hi Mohammad

If you want to see the raw query, you need to enable the extended collection in the audit policy to remove the "?" and see the raw query

And in the audit data, you will retrieve event data to the the raw query

Hi Team,

I need help with query information fetched by Imperva dam.

I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA

Hi Musaib,

Under Alerts menu, you can view all alerts (which inturn consist of one or more violations) and when you click any alert, you will find Raw Query under Event Details field and Normalized Query under Additional Info field.

Regards,

------------------------------
SBISOC 4430
Manager
Mumbai

Original Message:
Sent: 10-09-2025 01:24
From: Mohammad Musaib Rather
Subject: Parsed Query and RAW Query

Hi Alejandro,

Your response was helpful. Thank you.

when i did retrieve data in audit logs i was able to see the correct query info, in my audit policy events under extended collection is enabled. I want to know about security policies is there any option same as this and when i view logs under violation how to view the query info there as it showing "?" there also.

Your response is highly appreciated, TIA

------------------------------
Mohammad Musaib Rather
Support User
StarLink DMCC
Dubai

Original Message:
Sent: 10-08-2025 10:12
From: Alejandro Hernandez
Subject: Parsed Query and RAW Query

Hi Mohammad

If you want to see the raw query, you need to enable the extended collection in the audit policy to remove the "?" and see the raw query

And in the audit data, you will retrieve event data to the the raw query

------------------------------
Alejandro Hernandez
SICAP
Professional Services Consultant and Principal Technical Trainer
Mexico City

Original Message:
Sent: 10-08-2025 03:39
From: Mohammad Musaib Rather
Subject: Parsed Query and RAW Query

Hi Team,

I need help with query information fetched by Imperva dam.

I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA

#DatabaseActivityMonitoring

------------------------------
Mohammad Musaib Rather
Support User
StarLink DMCC
Dubai
------------------------------

Hi Mohammad

If you want to see the raw query, you need to enable the extended collection in the audit policy to remove the "?" and see the raw query

And in the audit data, you will retrieve event data to the the raw query

Hi Team,

I need help with query information fetched by Imperva dam.

I am checking the query (raw query and parsed query info) but the query info is not correct or its not helpful, suppose below I am sharing sample

e parameter=?; select value into ? from nls_session_parameters where parameter=?; select ? into ? from dual; select ? into ? from dual; exception when others then err_code := substr(sqlcode, ?, ?); err_msg := substr(sqlerrm, ?, ?); select value into ? from nls_session_parameters where parameter=?; select value into ? from nls_session_parameters where parameter=?; select err_code into ? from dual; select err_msg into ? from dual; end;

In above query ist line "parameter =?" select value info again ?, where it should display information its is showing question mark. Your inputs are highly appreciated.TIA