This query looks for multiple failed logon attempts from the same IP within a short span of time. It relies on the SQLEvent KQL parser function.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Windows SQL Server Database Audit |
| ID | aef212b5-c770-42e1-9abf-bc513e4e749c |
| Tactics | CredentialAccess |
| Techniques | T1110 |
| Required Connectors | AzureMonitor(WindowsEventLogs) |
| Source | View on GitHub |