Suspicious SQL Stored Procedures

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This hunting query will detect SQL queries where suspicious stored procedures are called. Suspicious procedures included in the query are based on data seen by the MSTIC Deception honeypot.

Attribute	Value
Type	Hunting Query
Solution	Azure SQL Database solution for sentinel
ID	db5b0a77-1b1d-4a31-8ebb-c508ebc3bb38
Tactics	InitialAccess
Techniques	T1190
Required Connectors	AzureSql
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureDiagnostics 🔶	Category == "SQLSecurityAuditEvents"	?	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Azure SQL Database solution for sentinel