MSSQL
This document provides guidance on how to integrate Microsoft SQL Server withGoogle SecOps.
Integration version: 14.0
Important: In the Google SecOps platform, the MSSQL integrationrefers toMicrosoft SQL Server.Before you begin
This section helps you configure a Google SecOps remoteagent (RHEL, CentOS, or Docker) to work with SQL Server using Kerberosauthentication.
Configure a Google SecOps remote agent (RHEL or CentOS)
To configure a Google SecOps remote agent (RHEL or CentOS)to work with SQL Server, complete the following steps in the remote agent Linuxshell:
Add your DNS servers to the
/etc/resol.conffile:#vi /etc/resolv.confInstall the krb5 package for CentOS 7:
#yum install krb5-workstationOpen the
Note: The domain must be in full FQDN syntax and uppercase./etc/krb5.conffile and add your domain asdefault_realm:#vi etc/krb5.conf.Test connection with Active Directory. Use a user that has access to the SQLServer database:
#kinit sql_userInput your user password.
Show the obtained ticket:
#klistOptional: Remove the kerberos ticket:
#kdestroy -A
For more information about creating a remote agent on CentOSusing the Microsoft SQL integration, seeCreate agent with installer forCentOS.
Configure a Google SecOps remote agent (Docker)
To configure a Google SecOps remote agent (Docker)to work with SQL Server, complete the following steps in the remote agent Linuxshell:
Run a shell in a docker container:
docker exec -it siemplify /bin/bashAdd your domain DNS servers to the
/etc/resol.conffile:#vi /etc/resolv.confInstall the krb5 package for CentOS 7:
#yum install krb5-workstationOpen the
/etc/krb5.conffile and add your domain asdefault_realmwith uppercase:#vi etc/krb5.confNote:ThedomainmustbeinfullFQDNsyntaxandinuppercase.Obtain a kerberos ticket. Use a user that has access to the SQL Serverdatabase:
#kinit sql_userEnter your user password.
Show the obtained ticket:
#klistOptional: Remove the kerberos ticket:
#kdestroy -A
For more information about creating a remote agent on Docker, seeCreate agentwith Docker.
Optional: Install SQL Server tools for debugging
To install the SQL Server tools for debugging, complete the following steps inthe remote agent Linux shell:
Add the Microsoft repository:
# curlhttps://packages.microsoft.com/config/rhel/7/prod.repo >/etc/yum.repos.d/msprod.repoInstall SQL Server tools:
# yum install mssql-tools unixODBC-develBinaries are installed in the following directory:
/opt/mssql-tools/bin.Test the connection to SQL Server:
#kinit sql_userRun the following command:
/opt/mssql-tools/bin/sqlcmd -Ssqlserver.yourdomain.com -ENote:ThedomainmustbeinfullFQDNsyntaxandinuppercase.
Integrate MSSQL with Google SecOps
The integration requires the following parameters:
| Parameters | Description |
|---|---|
Server Address | Required An address of the SQL Server instance. The default value is The domain must be in full FQDN syntax and uppercase. |
Username | Optional The username of the SQL Server instance. |
Password | Optional The user password. |
Port | Optional The port to use in the integration. |
Windows Authentication | Optional If selected, the integration authenticates using the Windows authentication. Not selected by default. |
Use Kerberos Authentication | Optional If selected, the integration authenticates using the Kerberos authentication. Not selected by default. |
Kerberos Realm | Optional The Kerberos realm value. |
Kerberos Username | Optional The username for the Kerberos authentication. |
Kerberos Password | Optional The password for the Kerberos authentication. |
Verify SSL | Optional If selected, the integration verifies that the SSL certificate for the connection to the SQL Server is valid. Selected by default. This parameter applies only for the Microsoft ODBC driver for SQL Server version 18. If the Google SecOps server host runs earlier ODBC driver versions, the integration ignores this parameter. |
For instructions about configuring an integration inGoogle SecOps, seeConfigureintegrations.
You can make changes at a later stage, if necessary. After you configure anintegration instance, you can use it in playbooks. For more information onconfiguring and supporting multiple instances, seeSupporting multipleinstances.
Actions
The SQL Server integration includes the following actions:
Ping
Use thePing action to test connectivity to the SQL Server.
This action runs on all entities.
Action inputs
None.
Action outputs
ThePing action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Not available |
| Script result | Available |
Script result
The following table describes the values for the script result output when usingthePing action:
| Script result name | Value |
|---|---|
is_success | True orFalse |
Run SQL Query
Use theRun SQL Query action to run SQL queries.
This action runs on all entities.
Action inputs
TheRun SQL Query action requires the following parameters:
| Parameters | Description |
|---|---|
Database Name | Required The database name to run the query on. |
| Required The query to run. The default value is |
Action outputs
TheRun SQL Query action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Not available |
| Script result | Available |
JSON result
The following shows an example of the JSON result output received when using theRun SQL Query action:
[{"Name":"Actions Monitor System","Creator":"System","Integration":"Example","VersionId":"VERSION_ID","ModificationTimenixTimeInMs":1558278307098,"Description":"Notifies of all the actions, that have individually failed at least 3 times, in the last 3 hours"},{"Name":"Jobs Monitor System","Creator":"System","Integration":"Example","VersionId":"VERSION_ID","ModificationTimenixTimeInMs":1558278307098,"Description":"Notifies of all the jobs, that have individually failed at least 3 times, in the last 3 hours"}]Script result
The following table describes the values for the script result output when usingtheRun SQL Query action:
| Script result name | Value |
|---|---|
is_blocked | True orFalse |
Need more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.