Commit e99ef44

Merge pull request #164533 from memildin/asc-melvyn-recs-stuff
Added MITRE tactic for a single SQL alert
2 parents be1278c + 88286a3 commit e99ef44

1 file changed: +2 -2 lines changed

articles/security-center/alerts-reference.md

Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@ author: memildin
55
manager: rkarlin
66
ms.service: security-center
77
ms.topic: reference
8-
ms.date: 06/08/2021
8+
ms.date: 07/04/2021
99
ms.author: memildin
1010

1111
---
@@ -294,7 +294,7 @@ Azure Defender alerts for container hosts aren't limited to the alerts below. Ma
294294

295295
| Alert | Description | MITRE tactics<br>([Learn more](#intentions)) | Severity |
296296
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------:|----------|
297-
| **A possible vulnerability to SQL Injection**<br>(SQL.VM_VulnerabilityToSqlInjection<br>SQL.DB_VulnerabilityToSqlInjection<br>SQL.MI_VulnerabilityToSqlInjection<br>SQL.DW_VulnerabilityToSqlInjection) | An application has generated a faulty SQL statement in the database. This can indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for a faulty statement. A defect in application code might have constructed the faulty SQL statement. Or, application code or stored procedures didn't sanitize user input when constructing the faulty SQL statement, which can be exploited for SQL injection. ) | - | Medium |
297+
| **A possible vulnerability to SQL Injection**<br>(SQL.VM_VulnerabilityToSqlInjection<br>SQL.DB_VulnerabilityToSqlInjection<br>SQL.MI_VulnerabilityToSqlInjection<br>SQL.DW_VulnerabilityToSqlInjection) | An application has generated a faulty SQL statement in the database. This can indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for a faulty statement. A defect in application code might have constructed the faulty SQL statement. Or, application code or stored procedures didn't sanitize user input when constructing the faulty SQL statement, which can be exploited for SQL injection. ) | PreAttack | Medium |
298298
| **Attempted logon by a potentially harmful application**<br>(SQL.DB_HarmfulApplication<br>SQL.VM_HarmfulApplication<br>SQL.MI_HarmfulApplication<br>SQL.DW_HarmfulApplication) | A potentially harmful application attempted to access SQL server '{name}'. ) | PreAttack | High |
299299
| **Log on from an unusual Azure Data Center**<br>(SQL.DB_DataCenterAnomaly<br>SQL.VM_DataCenterAnomaly<br>SQL.DW_DataCenterAnomaly<br>SQL.MI_DataCenterAnomaly) | There has been a change in the access pattern to an SQL Server, where someone has signed in to the server from an unusual Azure Data Center. In some cases, the alert detects a legitimate action (a new application or Azure service). In other cases, the alert detects a malicious action (attacker operating from breached resource in Azure). ) | Probing | Low |
300300
| **Log on from an unusual location**<br>(SQL.DB_GeoAnomaly<br>SQL.VM_GeoAnomaly<br>SQL.DW_GeoAnomaly<br>SQL.MI_GeoAnomaly) | There has been a change in the access pattern to SQL Server, where someone has signed in to the server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (a former employee or external attacker). ) | Exploitation | Medium |
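Review bot: The rewritten row at line 297 still ends its Description cell with a stray " )" after "which can be exploited for SQL injection." Since this line is being touched anyway, drop the orphaned parenthesis. The unchanged rows at 298-300 carry the same trailing " )" and could be cleaned up in the same pass. The new value "PreAttack" follows the label style of the neighbouring rows (PreAttack, Probing, Exploitation), but the column header points readers to the #intentions anchor, so confirm that "PreAttack" is one of the values defined there and that it fits an alert the description frames as a possible vulnerability rather than an observed attack.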
