Database Content Pack

Suspicious activity monitoring of databases can reveal insider abuse, credential theft, privilege escalation, database-specific attacks, audit trail modifications, and misconfigurations. Use this content pack to monitor, identify, and get alerts to successful and potential database exploit activity, SQL events by language type, and any other suspicious database events. Filtering database events by timeframe, domain, host, geolocation, and user can be especially helpful in identifying suspicious usage. Among other things, system administrators can use this content pack to track domain policy changes as well as privileged security group membership changes in their environment. Tracking users making changes to these items enables suspicious modifications to be caught and fixed.

Content Pack Components

Views

Database Events by Language Type
Database Events by Subtype
Database Exploit Activity
Failed Database Logons
Successful Database Logons

Reports

Reports may be adjusted to suit the needs of the environment.

Database - Database Events
Database - Database Logon Events

Correlation Rules

Database - Activity Outside Company Geolocation
Database - Attempted Database Configuration Change by a Remote Host
Database - Bulk Data Transfer after Exploit Activity
Database - Database Event Activity after Exploit Activity
Database - Excessive Database Connections from a Single Source
Database - Possible Exploit Activity
Database - Increased Number of DCL Events
Database - Increased Number of DDL Events
Database - Increased Number of DML Events
Database - Increased Number of TCL Events
Database - Multiple Database Access Attempt Failures
Database - Multiple Audit Trail Modifications
Database - Possible SQL Injection Activity - Low-Severity Queries
Database - Possible SQL Injection Activity - Query Failure by Destination User
Database - Possible SQL Injection Activity - Query Failure by Source IP
Database - Source User Logon Different from Destination User Logon

Required Products

McAfee Enterprise Security Manager (ESM) 11.x, 10.x
McAfee Advanced Correlation Engine (ACE) 11.x, 10.x

Content pack demo

Content packs are available directly inside the McAfee Enterprise Security Manager user interface. Watch the video to discover how to access your content pack and get started.

Watch Video

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register

Nos solutions phares

Explorer notre gamme

Objectifs de sécurité

Secteurs d'activité

Produits

Nos solutions phares

Explorer notre gamme

Produits MVISION

Services et formations

Recherche sur les menaces

Nos chercheurs

Tableau de bord du paysage des menaces

Outils

Nous contacter

Ressources

Téléchargements

Aide sur les produits

Rejoignez-nous

Explorer

Notre entreprise

Nos initiatives

Autres ressources

Opportunités d'emploi

Partenariats