Detecting Connection Timeouts

VN:RO [1.9.17_1161]
Rating: 0.0/5 (0 votes cast)
0
1,523 0
Connection timeouts can be difficult to troubleshoot. It’s sometimes not even apparent that a timeout has occurred. However, the connectivity_ring_buffer_recorded Extended Event can show that this has happened. This is a debug event within Extended Events, so some caution is necessary in its use. Microsoft can change the debug events without warning. You can use […] Read more

Detecting Connection Timeouts

VN:RO [1.9.17_1161]
Rating: 5.0/5 (3 votes cast)
3
2,449 0
Connection timeouts can be difficult to troubleshoot. It’s sometimes not even apparent that a timeout has occurred. However, the connectivity_ring_buffer_recorded Extended Event can show that this has happened. This is a debug event within Extended Events, so some caution is necessary in its use. Microsoft can change the debug events without warning. You can use […] Read more

Database Drift – Monitoring Unauthorized Object Changes

VN:RO [1.9.17_1161]
Rating: 0.0/5 (0 votes cast)
0
3,359 0
This metric identifies when an object has been changed by other than the authorized login. It relies on an Extended Events session to capture the metrics and filters for a specific login. This is a tweak to this custom metric. Here is the necessary Extended Events Session (substitute the appropriate login for the ‘LoginName’ string. […] Read more

Detect MrbMiner Malware

VN:RO [1.9.17_1161]
Rating: 1.0/5 (1 vote cast)
1
2,561 0
This metric looks for the presence of the MrbMiner malware by checking for an account in sys.sql_logins. Additional information: https://www.zdnet.com/article/new-mrbminer-malware-has-infected-thousands-of-mssql-databases/ Read more

Monitor Database Events

VN:RO [1.9.17_1161]
Rating: 5.0/5 (1 vote cast)
1
2,693 0 ,
This metric queries data from an Extended Events session to detect databases being dropped, created, started, stopped, attached or detached. It assigns a configurable “anxiety index” value (an integer from 1-10) to each detected event and then calculates a total based on the occurrences of these events over a period. First, create and start for […] Read more

Monitoring Changes in Permissions, Users, Roles and Logins

VN:RO [1.9.17_1161]
Rating: 4.0/5 (5 votes cast)
5
5,678 0
Reports the number of changes to logins, users, roles in the past 10 minutes. It measures every change but doesn’t tell you if this is a drift from what it should be, since it might only be a permission being temporarily created and then revoked. First, create the following function in the database on the […] Read more

Database Drift – Monitoring Schema Changes

VN:RO [1.9.17_1161]
Rating: 0.0/5 (0 votes cast)
0
3,108 0
Reports the number database object changes (create, alter or drop) in last 30 mins. First, create the following Extended Event session on the monitored SQL Server instance: [crayon-647b21669d204741469986/] Read more

Detect Suspicious Errors Typical of a SQL Injection Attack

VN:RO [1.9.17_1161]
Rating: 4.8/5 (5 votes cast)
5
6,542 0
Detects errors characteristic of a possible SQL Injection attack, or other attempts to gain illicit access to a database server. Returns the number of errors detected in the last 20 minutes. First, create an Extended Events session on the monitored SQL Server instance: [crayon-647b21669d39b549882615/] Start the event session, like this: [crayon-647b21669d3a0063243275/] Read more