| Attribute | Value |
|---|---|
| Publisher | Community |
| Support Tier | Community |
| Support Link | https://github.com/Azure/Azure-Sentinel/issues |
| Categories | domains |
| Version | 3.0.1 |
| Author | Community |
| First Published | 2022-11-29 |
| Solution Folder | Microsoft Windows SQL Server Database Audit |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (62%) |

The Microsoft Windows SQL Server Database Audit solution for Microsoft Sentinel enables security monitoring scenarios using Windows events. The contents of the solution allow hunting for unauthorized access and other abnormalities with SQL database identities.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution includes 9 content item(s):

| Content Type | Count |
|---|---|
| Hunting Queries | 9 |

| Name | Tactics | Tables Used |
|---|---|---|
| Failed Logon Attempts on SQL Server | CredentialAccess | - |
| Failed Logon on SQL Server from Same IPAddress in Short time Span | CredentialAccess | - |
| Multiple Failed Logon on SQL Server in Short time Span | CredentialAccess | - |
| New User created on SQL Server | Persistence | - |
| SQL User deleted from Database | Persistence, PrivilegeEscalation, Impact | - |
| User Role altered on SQL Server | Persistence, PrivilegeEscalation | - |
| User added to SQL Server SecurityAdmin Group | Persistence, PrivilegeEscalation | - |
| User removed from SQL Server Roles | Persistence, PrivilegeEscalation, Impact | - |
| User removed from SQL Server SecurityAdmin Group | Persistence, PrivilegeEscalation, Impact | - |

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 18-03-2024 | Change in Hunting Queries description |
| 3.0.0 | 10-07-2023 | Updated Parser to correctly parse failed login events. Added Entity mapping and version in all the Hunting Queries |