Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This hunting query identifies user role altered on SQL Server. It relies on the SQLEvent KQL Parser function.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Windows SQL Server Database Audit |
| ID | 80a420b3-6a97-4b8f-9d86-4b43ee522fb2 |
| Tactics | Persistence, PrivilegeEscalation |
| Techniques | T1098, T1078 |
| Required Connectors | AzureMonitor(WindowsEventLogs) |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Hunting Queries · Back to Microsoft Windows SQL Server Database Audit