Azure-Sentinel/Hunting Queries/SQLServer
Ajeet Prakash (MSTIC) 2cc3982f03 Updating the name from “Azure Sentinel” to “Microsoft Sentinel” for Detection and Hunting Queries. 2021-11-09 18:41:23 -08:00
Readme.md
SQL-Failed SQL Logons.yaml
SQL-MultipleFailedLogon_FromSameIP.yaml
SQL-MultipleFailedLogon_InShortSpan.yaml
SQL-New_UserCreated.yaml
SQL-UserAdded_to_SecurityAdmin.yaml
SQL-UserDeletedFromDatabase.yaml
SQL-UserRemovedFromSecurityAdmin.yaml
SQL-UserRemovedFromServerRole.yaml
SQL-UserRoleChanged.yaml

Readme.md

All these hunting queries are based on the SQLEvent KQL parser function (link below). The parser must be saved in the workspace as a function named SQLEvent before any of these queries will run; otherwise they fail with an unresolved-name error.

SQLEvent KQL parser: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers/SQLSever

Detailed blog post on Monitoring SQL Server with Microsoft Sentinel: https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-sql-server-with-azure-sentinel/ba-p/1502960
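The following is an added illustration of the pattern these queries share, not a query copied from this directory. It assumes the SQLEvent parser has been deployed as a workspace function and exposes the columns LogonResult, CurrentUser, ClientIP, Reason and Computer (column names are an assumption; check them against the parser before running). It counts failed SQL logons per source IP in one-hour bins, flags sources that exceed a threshold, and lists the distinct account names tried, which is what separates a mistyped password from a spray.

```kusto
// Added example: failed SQL logon hunting on top of the SQLEvent parser.
// Assumed SQLEvent columns: LogonResult, CurrentUser, ClientIP, Reason, Computer.
let lookback = 1d;          // how far back to hunt
let threshold = 10;         // failed logons per IP per hour before we care
SQLEvent
| where TimeGenerated > ago(lookback)
| where LogonResult has "failed"
// Exclude the local loopback so the agent's own health checks do not page anyone.
| where isnotempty(ClientIP) and ClientIP !in ("127.0.0.1", "::1", "<local machine>")
| summarize FailedCount = count(),
            DistinctAccounts = dcount(CurrentUser),
            Accounts = make_set(CurrentUser, 20),
            Reasons = make_set(Reason, 5),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by ClientIP, Computer, bin(TimeGenerated, 1h)
| where FailedCount >= threshold
// Many accounts from one IP in one hour reads as a password spray; one account
// with many failures reads as brute force or a broken service credential.
| extend Pattern = iff(DistinctAccounts > 3, "spray", "single-account")
| project TimeGenerated, Computer, ClientIP, FailedCount, DistinctAccounts, Pattern, Accounts, Reasons, FirstSeen, LastSeen
| order by FailedCount desc
```

Tune the threshold per server: a busy application server with a misconfigured connection string will exceed 10 failures an hour on its own, and that case shows up here as a single-account pattern with one constant Reason rather than a spray.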