Overview
Monitoring databases for suspicious activity can reveal insider abuse, credential theft, privilege escalation, database-specific attacks, audit trail modifications, and misconfigurations. Use this content pack to monitor, identify, and receive alerts on successful and potential database exploit activity, SQL events by language type, and any other suspicious database events. Filtering database events by timeframe, domain, host, geolocation, and user can be especially helpful in identifying suspicious usage. Among other things, system administrators can use this content pack to track domain policy changes as well as privileged security group membership changes in their environment. Tracking which users change these items allows suspicious modifications to be caught and fixed.
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.