Firewall rule manipulation attempts stateful anomaly on database

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

This query detects batches of distinct SQL queries that execute (or attempt to) commands that could indicate potential security issues - such as attempts to manipulate firewall rules (e.g. for allowing malicious access to the database).

Attribute	Value
Type	Analytic Rule
Solution	Azure SQL Database solution for sentinel
ID	`05030ca6-ef66-42ca-b672-2e84d4aaf5d7`
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	InitialAccess
Techniques	T1190
Required Connectors	AzureSql
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`AzureDiagnostics` 🔶	`Category == "SQLSecurityAuditEvents"`	?	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Azure SQL Database solution for sentinel