Detect Suspicious Errors Typical of a SQL Injection Attack

Install metric...

Metrics install automatically if you have Redgate Monitor installed.

If you are using Redgate’s SQL Server monitoring tool, Redgate Monitor, you can instantly install and run this metric on your servers.

Detects errors characteristic of a possible SQL Injection attack, or other attempts to gain illicit access to a database server. Returns the number of errors detected in the last 20 minutes.

First, create an Extended Events session on the monitored SQL Server instance:

Start the event session, like this:

Metric definition

Name

SuspiciousErrors

Description

Detects errors characteristic of a possible SQL Injection attack, or other attempts to gain illicit access to a database server. Returns the number of errors detected in the last 20 minutes.

The T-SQL query that will collect data

Instances to collect from

Select all

Databases to collect from

master

Collection frequency

5 mins

Use collected or calculated values

Leave the Use a calculated rate of change between collections check box unchecked

Metric collection

Enabled

Alert definition

Alert name

SuspiciousErrors

Description

Alert fires if the number of suspicious errors detected exceeds the defined threshold.

Raise an alert when the metric value goes

above the defined threshholds

Default threshold values

High:
Medium:30
Low:

Raise an alert when the threshold is passed for

collections

Alert is

Enabled