Firewall rule manipulation attempts stateful anomaly on database

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query detects batches of distinct SQL queries that execute (or attempt to) commands that could indicate potential security issues - such as attempts to manipulate firewall rules (e.g. for allowing malicious access to the database).

Attribute	Value
Type	Analytic Rule
Solution	Azure SQL Database solution for sentinel
ID	05030ca6-ef66-42ca-b672-2e84d4aaf5d7
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	DefenseEvasion, Persistence
Techniques	T1098, T1562
Required Connectors	AzureSql
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureDiagnostics 🔶	Category == "SQLSecurityAuditEvents"	✗	✗	✗

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules · Back to Azure SQL Database solution for sentinel