Detecting Malicious Activity: Unveiling the Secrets of MS-SQL Logging - Tristan Bennett
Detect malicious activity in MS-SQL with built-in auditing, custom tools, and analytics techniques.
- Logon auditing is important for detecting malicious activity
- Common detections include execution of directory-tree stored procedures (xp_dirtree and similar) and authentication attempts
- Microsoft SQL Server has built-in auditing capabilities, but configuration can be complex and varies between versions
- Log management and analysis are crucial for detecting unusual patterns of access
- Custom tools and scripting can be used to detect and analyze log data
- Windows event logging does not capture all events by default, including some networking and authentication events
- NTLM relay attacks can be detected by analyzing log data
- PowerShell and .NET can be used to create custom detection tools
- AI and machine learning can be used to improve detection and analysis of log data
- Some detections may miss certain types of attacks or cause false positives
- Custom configuration and testing are necessary to detect specific types of malicious activity
- SQL scripts can be used to detect and analyze log data
- Organisations should ensure that SQL Server is configured to log all authentication and query events
- Log analysis requires expertise and knowledge of the organization’s environment
- Some attacks may not be detectable without custom detection tools.
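As an added worked example (not the speaker's code and not taken from the talk), the T-SQL below configures SQL Server Audit to capture the two event classes the summary highlights, logon attempts and execution of xp_dirtree-style procedures, and then queries the resulting audit files for the patterns a defender would hunt for. The audit name, specification names and the file path C:\SQLAudit\ are hypothetical; it assumes SQL Server 2016 or later, a service account that can write to that folder, and that object-level EXECUTE auditing applies to the extended procedures on the target version, which, as the summary notes, should be verified per version before relying on it.

```sql
-- Added example: audit logons and directory-tree procedure calls, then hunt the audit files.
-- Assumptions (hypothetical names/paths): audit "TalkDemoAudit", folder C:\SQLAudit\,
-- SQL Server 2016+. Run in SSMS or sqlcmd as sysadmin.
USE master;
GO

-- 1. Server audit target. ON_FAILURE = CONTINUE keeps the instance up if the disk fills;
--    choose SHUTDOWN only if losing audit coverage is worse than losing availability.
CREATE SERVER AUDIT TalkDemoAudit
TO FILE (FILEPATH = N'C:\SQLAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2. Server-level specification: every successful and failed login, plus changes to
--    logins and server role membership (persistence after a successful attack).
CREATE SERVER AUDIT SPECIFICATION TalkDemoServerSpec
FOR SERVER AUDIT TalkDemoAudit
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 3. Database-level specification in master: EXECUTE on the directory-tree procedures
--    by any principal. Called with a UNC path, these make the SQL Server service
--    account authenticate outbound, which is the NTLM relay / coercion primitive.
CREATE DATABASE AUDIT SPECIFICATION TalkDemoMasterSpec
FOR SERVER AUDIT TalkDemoAudit
    ADD (EXECUTE ON OBJECT::sys.xp_dirtree BY public),
    ADD (EXECUTE ON OBJECT::sys.xp_fileexist BY public),
    ADD (EXECUTE ON OBJECT::sys.xp_subdirs BY public)
WITH (STATE = ON);
GO

ALTER SERVER AUDIT TalkDemoAudit WITH (STATE = ON);
GO

-- 4a. Hunt: repeated failed logins per client address in the last hour
--     (password spraying / brute force). action_id 'LGIF' = failed login.
SELECT client_ip,
       server_principal_name,
       COUNT(*)        AS failures,
       MIN(event_time) AS first_seen,
       MAX(event_time) AS last_seen
FROM sys.fn_get_audit_file(N'C:\SQLAudit\TalkDemoAudit_*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'LGIF'
  AND event_time >= DATEADD(HOUR, -1, SYSUTCDATETIME())
GROUP BY client_ip, server_principal_name
HAVING COUNT(*) >= 10          -- threshold: tune to the environment's baseline
ORDER BY failures DESC;

-- 4b. Hunt: directory-tree procedures executed with a UNC argument.
--     action_id 'EX' = EXECUTE; [statement] carries the submitted T-SQL.
--     T-SQL LIKE does not treat backslash as an escape, so '%\\%' matches a literal "\\".
SELECT event_time,
       server_principal_name,
       database_principal_name,
       client_ip,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'C:\SQLAudit\TalkDemoAudit_*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'EX'
  AND object_name IN ('xp_dirtree', 'xp_fileexist', 'xp_subdirs')
  AND statement LIKE '%\\%'
ORDER BY event_time DESC;
```

To validate the configuration in a lab, run `EXEC master.sys.xp_dirtree '\\testhost\share';` from a low-privileged login and confirm a row appears in query 4b; if it does not on your version, fall back to an Extended Events session on `sqlserver.sp_statement_completed` filtered on the same object names. Query 4a deliberately uses a fixed threshold; the summary's point about false positives applies here, so baseline normal failure counts per application before alerting on it.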