Commit 88286a3

Added MITRE tactic for a single SQL alert
1 parent dba7714 commit 88286a3

1 file changed: +2 -2 lines changed

articles/security-center/alerts-reference.md

Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@ author: memildin
55
manager: rkarlin
66
ms.service: security-center
77
ms.topic: reference
8-
ms.date: 06/08/2021
8+
ms.date: 07/04/2021
99
ms.author: memildin
1010

1111
---
@@ -294,7 +294,7 @@ Azure Defender alerts for container hosts aren't limited to the alerts below. Ma
294294

295295
| Alert | Description | MITRE tactics<br>([Learn more](#intentions)) | Severity |
296296
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------:|----------|
297-
| **A possible vulnerability to SQL Injection**<br>(SQL.VM_VulnerabilityToSqlInjection<br>SQL.DB_VulnerabilityToSqlInjection<br>SQL.MI_VulnerabilityToSqlInjection<br>SQL.DW_VulnerabilityToSqlInjection) | An application has generated a faulty SQL statement in the database. This can indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for a faulty statement. A defect in application code might have constructed the faulty SQL statement. Or, application code or stored procedures didn't sanitize user input when constructing the faulty SQL statement, which can be exploited for SQL injection. ) | - | Medium |
297+
| **A possible vulnerability to SQL Injection**<br>(SQL.VM_VulnerabilityToSqlInjection<br>SQL.DB_VulnerabilityToSqlInjection<br>SQL.MI_VulnerabilityToSqlInjection<br>SQL.DW_VulnerabilityToSqlInjection) | An application has generated a faulty SQL statement in the database. This can indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for a faulty statement. A defect in application code might have constructed the faulty SQL statement. Or, application code or stored procedures didn't sanitize user input when constructing the faulty SQL statement, which can be exploited for SQL injection. ) | PreAttack | Medium |
298298
| **Attempted logon by a potentially harmful application**<br>(SQL.DB_HarmfulApplication<br>SQL.VM_HarmfulApplication<br>SQL.MI_HarmfulApplication<br>SQL.DW_HarmfulApplication) | A potentially harmful application attempted to access SQL server '{name}'. ) | PreAttack | High |
299299
| **Log on from an unusual Azure Data Center**<br>(SQL.DB_DataCenterAnomaly<br>SQL.VM_DataCenterAnomaly<br>SQL.DW_DataCenterAnomaly<br>SQL.MI_DataCenterAnomaly) | There has been a change in the access pattern to an SQL Server, where someone has signed in to the server from an unusual Azure Data Center. In some cases, the alert detects a legitimate action (a new application or Azure service). In other cases, the alert detects a malicious action (attacker operating from breached resource in Azure). ) | Probing | Low |
300300
| **Log on from an unusual location**<br>(SQL.DB_GeoAnomaly<br>SQL.VM_GeoAnomaly<br>SQL.DW_GeoAnomaly<br>SQL.MI_GeoAnomaly) | There has been a change in the access pattern to SQL Server, where someone has signed in to the server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (a former employee or external attacker). ) | Exploitation | Medium |
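
Review bot: The description cell on the changed line 297 still ends with a stray ` )` after "which can be exploited for SQL injection."; since this row is being edited anyway, drop it here. The same residue sits at the end of the description cells in the unchanged rows 298-300 and could be cleaned up in a follow-up. The new `PreAttack` value matches the spelling already used on row 298, but it is worth confirming that it is one of the entries listed under the `#intentions` anchor the column header links to, so readers following "Learn more" find a definition for it.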
