This pack includes XSIAM content.
Collect Events from Vendor
MySQL Enterprise Server Configuration
- Install the audit log plugin
 - After installing the audit log plugin, verify that the following two lines are present in the my.cnf file:
plugin-load = audit_log.so
audit_log_format=JSON
Note: In order to parse the timestamp correctly, make sure that the timestamp field is in the default time zone - UTC.
The supported time format is yyyy-MM-dd hh:mm:ss (2021-12-08 10:00:00).
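
A pre-flight check for the two requirements above, as an added example that is not part of the original pack: it confirms both my.cnf settings and flags audit log lines that are not JSON or whose timestamp is not in yyyy-MM-dd hh:mm:ss. The function names and sample inputs are constructed for illustration, and it assumes one event per line in audit.log.

```python
import json
from datetime import datetime

# The two my.cnf settings the page requires (sample inputs below are constructed).
REQUIRED = {"plugin-load": "audit_log.so", "audit_log_format": "JSON"}
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # yyyy-MM-dd hh:mm:ss

def check_my_cnf(text):
    """Return the required settings that are missing or set to another value."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # MySQL treats '-' and '_' in option names as interchangeable.
            found[key.replace("_", "-")] = value
    return {k: v for k, v in REQUIRED.items()
            if found.get(k.replace("_", "-")) != v}

def check_audit_lines(lines):
    """Return (line_number, problem) for lines that are not usable events."""
    problems = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip().rstrip(",")  # events are elements of a JSON array
        if line in ("", "[", "]"):
            continue
        try:
            event = json.loads(line)
            datetime.strptime(event["timestamp"], TS_FORMAT)
        except json.JSONDecodeError:
            problems.append((n, "not valid JSON"))
        except (KeyError, TypeError):
            problems.append((n, "missing or non-string timestamp"))
        except ValueError:
            problems.append((n, "timestamp not in yyyy-MM-dd hh:mm:ss"))
    return problems

# Constructed sample inputs, not taken from a real server.
SAMPLE_CNF = "[mysqld]\nplugin-load = audit_log.so\naudit_log_format=OLD\n"
SAMPLE_LOG = [
    "[",
    '{ "timestamp": "2021-12-08 10:00:00", "id": 0, "class": "audit", "event": "startup" },',
    '{ "timestamp": "2021-12-08T10:00:01Z", "id": 1, "class": "connection", "event": "connect" },',
    '<AUDIT_RECORD TIMESTAMP="2021-12-08T10:00:02 UTC"/>',
    "]",
]

if __name__ == "__main__":
    print("my.cnf problems:", check_my_cnf(SAMPLE_CNF))
    for number, problem in check_audit_lines(SAMPLE_LOG):
        print(f"audit.log line {number}: {problem}")
```

The timestamp string carries no zone marker, so this check confirms the format only; whether the value is UTC still has to be verified on the server.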
XDRC (XDR Collector)
You will need to use the information described here.\
You can configure the vendor and product by replacing [vendor]_[product]_raw with mysql_enterprise_raw.\
When configuring the instance, use a YAML file that sets the vendor and product, as in this example:
filebeat.inputs:
- type: filestream
  enabled: true
  json.keys_under_root: true
  json.add_error_key: true
  paths:
    - /var/lib/mysql/audit.log
  processors:
    - add_fields:
        fields:
          vendor: mysql
          product: enterprise