OLE object manipulation attempts stateful anomaly on database

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query detects batches of distinct SQL queries that execute (or attempt to) commands that could indicate potential security issues - such as attempts to manipulate OLE objects (e.g. for running malicious commands).

Attribute	Value
Type	Analytic Rule
Solution	Azure SQL Database solution for sentinel
ID	dabd7284-004b-4237-b5ee-a22acab19eb2
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	InitialAccess
Techniques	T1190
Required Connectors	AzureSql
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureDiagnostics 🔶	Category == "SQLSecurityAuditEvents"	?	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Azure SQL Database solution for sentinel