This hunting query will detect SQL queries that have affected an unusual number of rows for the given user and application combination. It will calculate the prevalence for each row count impacted to find instances where a large number of rows is anomalously affected. This hunting query is designed to detect SQL mass-deletion and mass-read events.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure SQL Database solution for sentinel |
| ID | 724c7010-0afe-4d46-95ab-32f6737e658b |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureSql |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AzureDiagnostics 🔶 | Category == "SQLSecurityAuditEvents" | ? | ✗ | ? |