Contrast ADR - DLP SQL Injection Correlation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Detects successful SQL injection attacks identified by Contrast ADR and correlates them with WAF/DLP logs. This rule identifies critical database security breaches that have bypassed initial defenses and may result in data exfiltration or unauthorized database access.

Attribute Value
Type Analytic Rule
Solution ContrastADR
ID 1aac7737-d52f-483d-b225-6a27c1b29a9e
Severity High
Status Available
Kind Scheduled
Tactics InitialAccess, CredentialAccess, Collection, Exfiltration, CommandAndControl, Reconnaissance, CredentialAccess, LateralMovement, Discovery
Techniques T1190, T1552, T1005, T1041, T1008, T1590, T1571, T1528, T1021, T1046
Required Connectors ContrastADRCCF
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
ContrastADRAttackEvents_CL ? ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to ContrastADR