Detect MrbMiner Malware

VN:RO [1.9.17_1161]
Rating: 0.0/5 (0 votes cast)
0
87 0
This metric looks for the presence of the MrbMiner malware by checking for an account in sys.sql_logins. Additional information: https://www.zdnet.com/article/new-mrbminer-malware-has-infected-thousands-of-mssql-databases/ Read more

Monitor Database Events

VN:RO [1.9.17_1161]
Rating: 5.0/5 (1 vote cast)
1
573 0 ,
This metric queries data from an Extended Events session to detect databases being dropped, created, started, stopped, attached or detached. It assigns a configurable “anxiety index” value (an integer from 1-10) to each detected event and then calculates a total based on the occurrences of these events over a period. First, create and start for […] Read more

Monitoring Changes in Permissions, Users, Roles and Logins

VN:RO [1.9.17_1161]
Rating: 4.0/5 (5 votes cast)
5
2,340 0
Reports the number of changes to logins, users, roles in the past 10 minutes. It measures every change but doesn’t tell you if this is a drift from what it should be, since it might only be a permission being temporarily created and then revoked. First, create the following function in the database on the […] Read more

Detect Suspicious Errors Typical of a SQL Injection Attack

VN:RO [1.9.17_1161]
Rating: 4.8/5 (5 votes cast)
5
2,960 0
Detects errors characteristic of a possible SQL Injection attack, or other attempts to gain illicit access to a database server. Returns the number of errors detected in the last 20 minutes. First, create an Extended Events session on the monitored SQL Server instance: [crayon-5f6620544199d909639531/] Start the event session, like this: [crayon-5f662054419a2289666621/] Read more

Default user service account

VN:RO [1.9.17_1161]
Rating: 5.0/5 (4 votes cast)
4
15,986 0
This metric checks whether SQL Server services are running under any of the default accounts, such as localsystem. Using a default account for SQL Server services can be a security risk. Read more

Default TCP Port

VN:RO [1.9.17_1161]
Rating: 3.0/5 (1 vote cast)
1
8,233 0
This metric checks whether your SQL Server installation is using the default TCP port, which is a known security risk. Read more