Publisher: Splunk
Connector Version: 2.1.8
Product Vendor: Oracle Corporation
Product Name: MySQL
Minimum Product Version: 5.1.0
This app supports investigative actions against a MySQL database
This table lists the configuration variables required to operate MySQL. These variables are specified when configuring a MySQL asset in Splunk SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| host | required | string | Hostname or IP address |
| username | required | string | Username |
| password | required | password | Password |
| database | required | string | Database Name |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
list columns - List the columns of a table
list tables - List the tables in the database
run query - Run a query against a table or tables in the database
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
List the columns of a table
Type: investigate
Read only: True
Describes the structure of a table in the database by displaying information about its columns. The only tables which it will be able to query for must have a name composed of only alphanumeric characters + '_' and '$'.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| table_name | required | Name of table | string | mysql table name |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.status | string | success failed | |
| action_result.parameter.table_name | string | mysql table name |
contact |
| action_result.data.*.Default | string | Default Value | |
| action_result.data.*.Extra | string | auto_increment | |
| action_result.data.*.Field | string | id | |
| action_result.data.*.Key | string | PRI | |
| action_result.data.*.Null | string | NO | |
| action_result.data.*.Type | string | int(11) | |
| action_result.summary.total_rows | numeric | 4 | |
| action_result.message | string | Total rows: 4 | |
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
List the tables in the database
Type: investigate
Read only: True
No parameters are required for this action
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.status | string | success failed | |
| action_result.data.*.table_name | string | mysql table name |
contact |
| action_result.summary.total_rows | numeric | 1 | |
| action_result.message | string | Total rows: 1 | |
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Run a query against a table or tables in the database
Type: investigate
Read only: False
It is recommended to use the format_vars parameter when applicable. For example, if you wanted to find a specific IP, you could set query to a formatted string, like "select * from my_hosts where ip = %s" (note the use of %s), and set format_vars to the IP address. This will ensure the inputs are safely sanitized and avoid SQL injection attacks. Regardless of the type of input it's expecting, the only format specifier which should be used is %s.
Setting no_commit will make it so the App does not commit any changes made to the DB (So, you can ensure its a run only query). However, many statements on MySQL will implicitly commit (as can be read about here) meaning that this parameter will have no effect in cases where these statements are used.
The format_vars parameter accepts a comma seperated list. You can escape commas by surrounding them in double quotes, and escape double quotes with a backslash. Assuming you have a list of values for the format vars, you can employ this code in your playbooks to properly format it into a string:
format_vars_str = ','.join(['"{}"'.format(str(x).replace('\\', '\\\\').replace('"', '\\"')) for x in format_vars_list]).
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| query | required | Query string | string | sql query |
| format_vars | optional | Comma seperated list of variables | string | |
| no_commit | optional | Do not commit changes to database | boolean |
| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.status | string | success failed | |
| action_result.parameter.format_vars | string | 8.8.8.8 | |
| action_result.parameter.no_commit | boolean | True False | |
| action_result.parameter.query | string | sql query |
select * from my_hosts where ip = %s |
| action_result.data.* | string | ||
| action_result.summary.total_rows | numeric | 6 | |
| action_result.message | string | Total rows: 6 | |
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Auto-generated Splunk SOAR Connector documentation.
Copyright 2025 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.