Techniques
Sample rules
MSSQL Destructive Query
- source: sigma
- techniques:
  - t1485
Description
Detects the invocation of MS SQL transactions that are destructive towards table or database data, such as “DROP TABLE” or “DROP DATABASE”.
Detection logic
condition: selection
selection:
  Data|contains:
    - statement:TRUNCATE TABLE
    - statement:DROP TABLE
    - statement:DROP DATABASE
  EventID: 33205
  Provider_Name: MSSQLSERVER$AUDIT
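
How the selection above evaluates against audit events, as an added example that is not part of the original rule or of any Sigma tooling. It is a minimal evaluator covering only what this rule uses (AND across fields, OR across list values, case-insensitive `contains`); the sample events and their Data text are constructed.

```python
# Added example: minimal evaluator for this rule's selection (not a full Sigma engine).
RULE = {
    "Provider_Name": "MSSQLSERVER$AUDIT",
    "EventID": 33205,
    "Data|contains": [
        "statement:TRUNCATE TABLE",
        "statement:DROP TABLE",
        "statement:DROP DATABASE",
    ],
}

def field_matches(event, key, expected):
    """One selection entry: list values are OR-ed, '|contains' is a substring test."""
    name, _, modifier = key.partition("|")
    if name not in event:
        return False
    actual = str(event[name]).lower()  # Sigma string matching is case-insensitive
    values = expected if isinstance(expected, list) else [expected]
    for value in values:
        wanted = str(value).lower()
        if modifier == "contains" and wanted in actual:
            return True
        if modifier == "" and wanted == actual:
            return True
    return False

def rule_matches(event, selection=RULE):
    """Every field in the selection must match (AND); the condition is just 'selection'."""
    return all(field_matches(event, k, v) for k, v in selection.items())

# Constructed sample events: field names follow the rule, Data content is made up.
EVENTS = [
    {"Provider_Name": "MSSQLSERVER$AUDIT", "EventID": 33205,
     "Data": "object_name:orders statement:DROP TABLE dbo.orders"},
    {"Provider_Name": "MSSQLSERVER$AUDIT", "EventID": 33205,
     "Data": "object_name:orders statement:SELECT * FROM dbo.orders"},
    {"Provider_Name": "MSSQLSERVER$AUDIT", "EventID": 33205,
     "Data": "object_name:staging statement:truncate table dbo.staging"},
    {"Provider_Name": "MSSQLSERVER", "EventID": 33205,
     "Data": "statement:DROP DATABASE sales"},
]

def matching_indexes(events=EVENTS):
    """Indexes of the events that would raise an alert."""
    return [i for i, e in enumerate(events) if rule_matches(e)]

if __name__ == "__main__":
    print(matching_indexes())
```

The last event carries a destructive statement but a different Provider_Name, so it does not alert: the rule only covers events whose provider matches exactly.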