Azure-Sentinel/Hunting Queries/SQLServer
Iftekhar Hussain 9ac3464878 Updated Queries 2020-07-29 20:05:49 +05:30
Readme.md Rename Readme.txt to Readme.md 2020-07-21 11:29:06 +05:30
SQL-Failed SQL Logons.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-MultipleFailedLogon_FromSameIP.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-MultipleFailedLogon_InShortSpan.yaml Updated Queries 2020-07-29 20:05:49 +05:30
SQL-New_UserCreated.yaml Updated Queries 2020-07-29 20:05:49 +05:30
SQL-UserAdded_to_SecurityAdmin.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-UserDeletedFromDatabase.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-UserRemovedFromSecurityAdmin.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-UserRemovedFromServerRole.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30
SQL-UserRoleChanged.yaml Updated Hunting Queries 2020-07-21 14:11:29 +05:30

Readme.md

All these hunting queries are based on the SQLEvent KQL Parser function (links below).

SQLEvent KQL Parser: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers/SQLSever

Detailed blog post on monitoring SQL Server with Azure Sentinel: https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-sql-server-with-azure-sentinel/ba-p/1502960