Product: SonarG
Use-Case: Data Access
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 10 | 5 | 1 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| database-login | T1213 - Data from Information Repositories ↳ DB-DbU-F: First access to database for user ↳ DB-DbU-A: Abnormal access to database for user ↳ DB-DbG-F: First access to database for peer group ↳ DB-DbG-A: Abnormal access to database for peer group ↳ DB-UDbZ-F: First database activity from source zone per user, database ↳ DB-UDbZ-A: Abnormal database activity from source zone per user, database ↳ DB-UDbH-F: First database activity from host per user, database ↳ DB-UDbH-A: Abnormal database activity from host per user, database ↳ DB-UDbI-F: First database activity from IP per user, database ↳ DB-UDbI-A: Abnormal database activity from IP per user, database |
• DB-UDbI: Database activity from source IP per user, database • DB-UDbH: Database activity from host per user, database • DB-UDbZ: Database activity from source zone per user, database • DB-DbG: Peer groups per database • DB-DbU: Users per database |