Unauthorized DBA Activity

Unauthorized DBA Activity (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: UNAUTHORIZED DBA ACTIVITY.

ALERT RULE

Description

Adding new Credential on SQL Server Management Studio

An alert is triggered upon opening the New Credential window on SQL Server Management Studio.

Adding new Login ID on SQL Server Management Studio

An alert is triggered upon opening the New Login window on SQL Server Management Studio.

Adding new Server Role on SQL Server Management Studio

An alert is triggered upon opening the New Server Role window on SQL Server Management Studio.

Backing up database on SQL Server Management Studio

An alert is triggered upon opening the Back Up Database window on SQL Server Management Studio.

Connecting to a sensitive DB server from SQL Server Management Studio

An alert is triggered upon typing the name or IP of a sensitive database server in order to connect to it from within Microsoft SQL Server Management Studio.

Copying database on SQL Server Management Studio

An alert is triggered upon opening the Copy Database window on SQL Server Management Studio.

Deleting database table by executing SQL command

An alert is triggered upon executing either the TRUNCATE TABLE or DROP TABLE command, which entirely delete tables from the database.

Deleting object on SQL Server Management Studio

An alert is triggered upon opening the Delete Object window on SQL Server Management Studio.

Detaching database on SQL Server Management Studio

An alert is triggered upon opening the Detach Database window on SQL Server Management Studio.

Executing SQL ALTER command

An alert is triggered upon executing an SQL command that includes the keyword ALTER. This operation is highly sensitive, as it changes the structure of objects within database tables.

Exporting database or tables on SQL Server Management Studio

An alert is triggered upon invoking exporting functions on SQL Server Management Studio.

Logging in to SQL Server Management Studio using too generic credentials

An alert is triggered upon opening SSMS and trying to log in using credentials that are too generic (not secure enough).

Modifying database records by executing SQL command via DBA tools

An alert is triggered upon executing an SQL command that modifies DB records. This operation is highly sensitive, as it changes the content of database tables.

Modifying database records by using command line tools

An alert is triggered upon using command-line tools to execute an SQL command that modifies DB records. This operation is highly sensitive, as it changes the content of database tables.

Opening Server Properties window on SQL Server Management Studio

An alert is triggered upon opening the Server Properties window on SQL Server Management Studio.

Running database management tools on an unauthorized workstation

An alert is triggered upon opening an SQL tool on a workstation that is not among the workstations authorized to run it.