Suspicious activity monitoring of databases can reveal insider abuse, credential theft, privilege escalation, database-specific attacks, audit trail modifications, and misconfigurations. Use this content pack to monitor, identify, and get alerts to successful and potential database exploit activity, SQL events by language type, and any other suspicious database events. Filtering database events by timeframe, domain, host, geolocation, and user can be especially helpful in identifying suspicious usage. Among other things, system administrators can use this content pack to track domain policy changes as well as privileged security group membership changes in their environment. Tracking users making changes to these items enables suspicious modifications to be caught and fixed.
Content pack demo
Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.Watch Video
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.Read Article
Find other content packs and partner integrations.See All
Interested in McAfee Enterprise Security Manager?Register