Threat Hunting on SQL Server with Azure Sentinel
For years Microsoft SQL Server has served as a backbone of critical applications for enterprises. Due to the nature of critical data stored on the SQL Server databases, it has always been a point of Interest for internal or external adversaries and one of the primary targets for exploitation.
It is important to monitor all your SQL database instances and servers for any sign of threats.
Last week I posted a detailed blog post on Monitoring SQL Server with Azure Sentinel on Microsoft Azure Sentinel Official Blog. The blog talks about how to ingest logs from SQL Servers running on VMs, Parse the logs in readable format and then run various hunting queries and create alerts
You can read the detailed post here.
The Parser and hunting queries are also uploaded to Azure Sentinel Github repo.