This query detects batches of distinct SQL queries that failed with error codes that might indicate malicious attempts to gain illegitimate access to the data. When blind attacks are performed (such as SQL injection or fuzzing), the attempted queries are often malformed and fail on wrong syntax (error 102) or wrong escaping (error 105). Thus, if a large number of different queries fail with such errors in a short amount of time, this might indicate an attempted attack.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure SQL Database solution for sentinel |
| ID | c815008d-f4d1-4645-b13b-8b4bc188d5de |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureSql |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AzureDiagnostics 🔶 | Category == "SQLSecurityAuditEvents" | ? | ✗ | ? |