Tag: Threat Hunting

Threat Hunting on SQL Server with Azure Sentinel

For years Microsoft SQL Server has served as a backbone of critical applications for enterprises. Because of the critical data stored in SQL Server databases, it has always been a point of interest for internal and external adversaries and one of the primary targets for exploitation.

It is important to monitor all your SQL Server instances and databases for any sign of threats.

Last week I posted a detailed blog post on Monitoring SQL Server with Azure Sentinel on the Microsoft Azure Sentinel official blog. The post covers how to ingest logs from SQL Servers running on VMs, parse the logs into a readable format, and then run various hunting queries and create alerts.

You can read the detailed post here.

The parser and hunting queries are also uploaded to the Azure Sentinel GitHub repo.
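The parse-then-hunt workflow from the post, shown here as an added example that is not the blog's KQL parser or anything from the Sentinel GitHub repo. It assumes the standard SQL Server ERRORLOG line layout (timestamp, source column such as `Logon` or `spid51`, message) and the well-known `Login failed for user '...'` / `Configuration option '...' changed` message texts; the log lines, IP addresses, account names, and the failure threshold and time window are constructed for illustration and are not real data or tuned detection values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ERRORLOG content (not real data), in the layout SQL Server
# writes: "<timestamp> <source> <message>". A short brute force from one client
# that ends in a successful 'sa' logon, then xp_cmdshell being enabled.
SAMPLE_ERRORLOG = """\
2020-02-10 09:12:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2020-02-10 09:12:02.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2020-02-10 09:12:02.87 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 10.0.0.5]
2020-02-10 09:12:03.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2020-02-10 09:12:04.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2020-02-10 09:12:09.55 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.5]
2020-02-10 09:15:00.00 spid51      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2020-02-10 09:20:00.00 Logon       Login failed for user 'CONTOSO\\svc_app'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]
2020-02-10 09:30:00.00 spid10s     SQL Server is now ready for client connections. This is an informational message; no user action is required.
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) (\S+)\s+(.*)$")
LOGIN_RE = re.compile(
    r"Login (failed|succeeded) for user '([^']+)'\.(?: Reason: ([^.]+)\.)?.*?\[CLIENT: ([^\]]+)\]"
)
CONFIG_RE = re.compile(r"Configuration option '([^']+)' changed from (\d+) to (\d+)")
# sp_configure options attackers commonly enable for code execution / lateral movement.
RISKY_OPTIONS = {"xp_cmdshell", "Ole Automation Procedures", "Ad Hoc Distributed Queries", "clr enabled"}


def parse_errorlog(text):
    """Turn raw ERRORLOG lines into structured events (the 'parser' step)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or wrapped continuation lines carry no new event
        ts, source, message = m.groups()
        ev = {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), "source": source,
              "message": message, "event": "other", "user": None, "reason": None, "client": None}
        lm = LOGIN_RE.search(message)
        if lm:
            outcome, user, reason, client = lm.groups()
            ev.update(event="login_" + outcome, user=user, reason=reason, client=client)
        events.append(ev)
    return events


def hunt_brute_force(events, threshold=4, window=timedelta(minutes=5)):
    """Hunt: >= threshold failed logons from one client inside `window`,
    and whether a successful logon from that client followed within the window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev["event"] == "login_failed":
            failures[ev["client"]].append(ev)
        elif ev["event"] == "login_succeeded":
            successes[ev["client"]].append(ev)
    findings = []
    for client, fails in failures.items():
        fails.sort(key=lambda e: e["time"])
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e["time"] - first["time"] <= window]
            if len(burst) < threshold:
                continue
            last = burst[-1]["time"]
            after = [s for s in successes.get(client, []) if last <= s["time"] <= last + window]
            findings.append({"client": client, "start": first["time"], "failures": len(burst),
                             "users": sorted({e["user"] for e in burst}),
                             "succeeded_as": sorted({s["user"] for s in after})})
            break  # one finding per client is enough for triage
    return findings


def hunt_config_changes(events):
    """Hunt: risky sp_configure options switched on (value changed to non-zero)."""
    hits = []
    for ev in events:
        m = CONFIG_RE.search(ev["message"])
        if m and m.group(1) in RISKY_OPTIONS and m.group(3) != "0":
            hits.append({"time": ev["time"], "spid": ev["source"], "option": m.group(1),
                         "old": int(m.group(2)), "new": int(m.group(3))})
    return hits


if __name__ == "__main__":
    parsed = parse_errorlog(SAMPLE_ERRORLOG)
    for f in hunt_brute_force(parsed):
        print("Brute force:", f)
    for h in hunt_config_changes(parsed):
        print("Risky config change:", h)
```

The same two hunts translate directly into KQL over the parsed custom log table in Sentinel (a `summarize count() by Client, bin(TimeGenerated, 5m)` for the failed-logon burst, joined against the subsequent successes, and a `where Message has "Configuration option"` filter for the sp_configure change); the point of parsing first is that the user, reason and client fields become columns you can aggregate and join on instead of strings you have to regex in every query.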

Join me at Microsoft 360 Security Conclave

I'll be speaking at the Microsoft 360 Security Conclave on Integrated Cyber Threat Management later this week. We'll talk about how modern cyber threats leverage the power of the cloud to launch multi-staged attacks, and how having end-to-end visibility of attack indicators across identity, endpoints, apps and infrastructure helps with early detection and remediation.

If you are attending this event, please do stop by and say hi.

There are other distinguished speakers lined up for you from industry and Microsoft engineering.

See you there.