Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This hunting query uses series decompose anomaly to identify periods of time where a given user account and application combination is used to send an anomalous number of parameters or SQL query tokens to the server. This query is designed to be run against application and username combinations that are used by SQL applications, such as content management systems (Wordpress, Joomla, TYPO3, etc.).
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure SQL Database solution for sentinel |
| ID | e0944dec-3c92-4b2d-8e81-a950afeaba69 |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureSql |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AzureDiagnostics 🔶 |
Category == "SQLSecurityAuditEvents" |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Hunting Queries · Back to Azure SQL Database solution for sentinel