Applications using SQL will generally make repeated similar requests for data as users interact with the application. This hunting query finds instances where an unusual number of tokens have been seen, grouped on the client application and username. The query calculates the prevalence of the token sizes based on historical activity for each grouped application and user, and shows instances where an unusual number of tokens were observed. This query is designed to be run against application a
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure SQL Database solution for sentinel |
| ID | 2a21303e-be48-404f-a6f6-883a6acfe5ad |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureSql |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AzureDiagnostics 🔶 | Category == "SQLSecurityAuditEvents" | ? | ✗ | ? |