Techniques
Sample rules
Suspicious SQL Query
- source: sigma
- techniques:
- t1190
- t1505
- t1505.001
Description
Detects suspicious SQL query keywords that are often used during reconnaissance, exfiltration or destructive activity, such as dropping tables and selecting wildcard fields.
Detection logic
condition: keywords
keywords:
- drop
- truncate
- dump
- select \*
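To show what this keyword rule actually fires on, here is an added Python example (not part of the rule or of the Sigma project) that applies Sigma keyword semantics, case-insensitive substring match with `*`/`?` as wildcards and backslash as escape, to a few constructed database audit-log lines; the log format and the events are invented for illustration.

```python
import re

# Keyword list taken from the rule above. In Sigma, "*" and "?" inside a
# keyword are wildcards and a backslash escapes them, so "select \*" is
# matched with a literal asterisk (the SQL "all columns" selector).
KEYWORDS = ["drop", "truncate", "dump", r"select \*"]


def sigma_keyword_to_regex(keyword):
    """Translate one Sigma keyword into a compiled, case-insensitive regex."""
    parts = []
    i = 0
    while i < len(keyword):
        ch = keyword[i]
        if ch == "\\" and i + 1 < len(keyword) and keyword[i + 1] in "*?\\":
            parts.append(re.escape(keyword[i + 1]))  # escaped wildcard: literal
            i += 2
        elif ch == "*":
            parts.append(".*")  # unescaped "*": any run of characters
            i += 1
        elif ch == "?":
            parts.append(".")   # unescaped "?": any single character
            i += 1
        else:
            parts.append(re.escape(ch))
            i += 1
    # Keywords match anywhere in the raw event, so no anchors are added.
    return re.compile("".join(parts), re.IGNORECASE)


PATTERNS = [(k, sigma_keyword_to_regex(k)) for k in KEYWORDS]


def matched_keywords(event):
    """Return the rule keywords found in one raw log event (empty = no alert)."""
    return [k for k, rx in PATTERNS if rx.search(event)]


# Constructed sample events in the style of a database audit log; not real data.
SAMPLE_EVENTS = [
    '2024-05-01T10:00:01Z db=shop user=app query="SELECT id, total FROM orders WHERE id = 42"',
    '2024-05-01T10:00:02Z db=shop user=app query="SELECT * FROM customers"',
    '2024-05-01T10:00:03Z db=shop user=admin query="DROP TABLE audit_log"',
    '2024-05-01T10:00:04Z db=shop user=app query="SELECT label FROM dropdown_options"',
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        hits = matched_keywords(event)
        print("ALERT" if hits else "ok   ", hits, event)
```

The fourth event shows the rule's main noise source: a bare keyword such as `drop` also matches identifiers like `dropdown_options`, so scope the match to the query field or add word boundaries before enabling it broadly.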