Oracle Database Auditor: Workbooks with not results #9602

Closed
gmarmolejos opened this issue Dec 13, 2023 · 10 comments
@gmarmolejos

Describe the bug
Oracle Database Auditor doesn't bring information about Oracle Database Table Queried and User' Privileges. It only shows the query returned no results.

To Reproduce
Steps to reproduce the behavior:

  1. Activate Oracle Database Audit.
  2. Enable Syslog in Linux Server.
  3. Wait until Sentinel gets the data.

Expected behavior
To be fair, all the information is shown except those two. Is it possible to modify the query to receive this information, or why is this information in the workbook's sample?
If I try to execute or use it, the TableName object doesn't work either.

Contributor

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

@v-sudkharat v-sudkharat added the Workbook Workbook specialty review needed label Dec 13, 2023
@v-muuppugund
Contributor

Hi @gmarmolejos, thanks for flagging this issue. We will investigate this issue and get back to you with some updates by 21 Dec 2023. Thanks!

@v-muuppugund
Contributor

Hi @gmarmolejos, working on Oracle DB setup; once data is ingested, will work on the above issue and share updates.

@v-muuppugund
Contributor

Hi @gmarmolejos, working on data ingestion, will update you.

@v-muuppugund
Contributor

v-muuppugund commented Jan 8, 2024

Hi @gmarmolejos, working on data ingestion, will update you.

Hi @gmarmolejos, I am using AMA and facing issues while ingesting the data. Working on it, will get back to you.

@v-muuppugund
Contributor

Hi @gmarmolejos, the issues have been resolved; working on replicating the issue and will update you.

@v-muuppugund
Contributor

v-muuppugund commented Jan 21, 2024

Hi @gmarmolejos, could you please share those 2? You mean the below in the workbook? Could you please confirm?

  1. OracleDatabaseAuditEvent | where isnotempty(DstUserName) | summarize TotalEvents = count() by DstUserName | order by TotalEvents | take 10
  2. OracleDatabaseAuditEvent | where isnotempty(SrcUserName) | summarize TotalEvents = count() by SrcUserName

@v-muuppugund
Contributor

Hi @gmarmolejos, gentle reminder: could you please share those 2? You mean the below in the workbook? Could you please confirm?

OracleDatabaseAuditEvent | where isnotempty(DstUserName) | summarize TotalEvents = count() by DstUserName | order by TotalEvents | take 10
OracleDatabaseAuditEvent | where isnotempty(SrcUserName) | summarize TotalEvents = count() by SrcUserName

@v-muuppugund
Contributor

@gmarmolejos, since we have not received a response in the last 5 days, we are closing your issue (#9602) as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!

@gmarmolejos
Author

@v-muuppugund, I'm very sorry I forgot to respond in time!! :(

The returned information is very sensitive to us, but I'm going to share the first two rows of each and hide the real data. Although I receive information from both queries.

OracleDatabaseAuditEvent | where isnotempty(DstUserName) | summarize TotalEvents = count() by DstUserName | order by TotalEvents | take 2

image

OracleDatabaseAuditEvent | where isnotempty(SrcUserName) | summarize TotalEvents = count() by SrcUserName

image
