Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'Goal: To detect anomalous data change/deletion. This query detects SQL queries that changed/deleted a large number of rows, which is significantly higher than normal for this database. The detection is calculated inside recent time window (defined by 'detectionWindow' parameter), and the anomaly is calculated based on previous training window (defined by 'trainingWindow' parameter). The user can set the minimal threshold for anomaly by changing the threshold parameters volThresholdZ and volThre
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure SQL Database solution for sentinel |
| ID | 2a632013-379d-4993-956f-615063d31e10 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1485, T1565, T1491 |
| Required Connectors | AzureSql |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AzureDiagnostics 🔶 |
Category == "SQLSecurityAuditEvents" |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Azure SQL Database solution for sentinel