LoFP / inventory and monitoring activity

Techniques

Sample rules

Suspicious SQL Query

Description

Detects suspicious SQL query keywords that are often used during reconnaissance, exfiltration or destructive activity, such as dropping tables and selecting wildcard fields.

Detection logic

condition: keywords
keywords:
- drop
- truncate
- dump
- select *
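The rule's keyword list is a case-insensitive substring match over the whole log event, which is what makes inventory and monitoring activity a false-positive source. The following is an added example (not code from the LoFP page or from the Sigma project) that applies the four keywords above to constructed query-log lines and then labels hits from known inventory accounts as expected. The account names and the `collect_dump_stats()` procedure are assumptions made up for the example.

```python
# Added example: the keyword match from the 'Suspicious SQL Query' rule applied
# to constructed query-log lines, with a tuning step for inventory/monitoring
# accounts. Not part of the LoFP page or the Sigma rule set.

from typing import Iterable

# Keywords from the rule's detection logic. A Sigma 'keywords' list is a
# case-insensitive substring match against the whole event text.
KEYWORDS = ("drop", "truncate", "dump", "select *")

# Assumption: service accounts whose job is schema inventory and monitoring.
# These names are placeholders; use the identities seen in your own logs.
INVENTORY_ACCOUNTS = frozenset({"monitor_agent", "schema_scanner"})


def matched_keywords(event: str) -> list[str]:
    """Return the rule keywords found in one log event (case-insensitive)."""
    lowered = event.lower()
    return [kw for kw in KEYWORDS if kw in lowered]


def event_user(event: str) -> str:
    """Pull the user=... field out of a key=value log line ('' if absent)."""
    for token in event.split():
        if token.startswith("user="):
            return token[len("user="):]
    return ""


def triage(events: Iterable[str]) -> list[dict]:
    """Apply the rule to each event; hits from inventory accounts are kept
    but flagged as expected so an analyst can focus on the rest."""
    results = []
    for event in events:
        hits = matched_keywords(event)
        if not hits:
            continue
        results.append({
            "event": event,
            "keywords": hits,
            "expected": event_user(event) in INVENTORY_ACCOUNTS,
        })
    return results


def unexpected_alerts(events: Iterable[str]) -> list[str]:
    """Events that match the rule and do not come from an inventory account."""
    return [r["event"] for r in triage(events) if not r["expected"]]


# Constructed sample query-log lines (not real data).
SAMPLE_EVENTS = [
    # Schema inventory by a monitoring account: trips 'select *'.
    "user=monitor_agent db=prod query=SELECT * FROM information_schema.tables",
    # Hypothetical statistics collector whose procedure name contains 'dump'.
    "user=monitor_agent db=prod query=CALL collect_dump_stats()",
    # Ordinary application query: no keyword hit.
    "user=app db=prod query=SELECT id, name FROM customers WHERE id = 42",
    # Substring over-match: 'backdrop' contains 'drop'.
    "user=app db=prod query=SELECT sku FROM products WHERE category = 'backdrop'",
    # Destructive statements from an application account: the alerts to keep.
    "user=app db=prod query=DROP TABLE audit_log",
    "user=app db=prod query=TRUNCATE TABLE sessions",
]


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        tag = "expected" if r["expected"] else "ALERT"
        print(f"[{tag}] {r['keywords']} {r['event']}")
```

Run as a script, the two monitoring-account events are reported as expected and the remaining three stay as alerts. The `backdrop` line shows a second false-positive source that the LoFP entry does not name: because the match is a plain substring test, `drop` also fires on column values and identifiers that merely contain the word, so tuning by account identity alone will not remove every benign hit.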