DB2 Credentials
Service Name: IBM Db2
Service Description: IBM Db2 is a family of data management products, including database servers, developed by IBM. It is a relational database management system (RDBMS) designed to store, analyze and retrieve data efficiently.
Service Address: https://www.ibm.com/products/db2
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the database level through firewall settings and Db2 configuration.
Secret Access Scope: Grants access to Db2 databases and allows for data manipulation, schema changes, and administrative operations depending on the user's permissions.
Secret Revokement URL: https://www.ibm.com/docs/en/db2/11.5?topic=privileges-revoking
Secret Example: db2inst1:p@ssw0rd123!
Suspicious Activity Investigation Instructions:
- Review Db2 audit logs for unusual query patterns or data access.
- Check for unauthorized schema changes or table modifications.
- Monitor for large data exports or unusual query volume.
- Examine connection logs for access from unexpected IP addresses or during unusual hours.
- Look for privilege escalation attempts or unauthorized administrative operations.
Mitigation Instructions:
- Immediately change the compromised user's password using the ALTER USER command.
- Revoke any excessive privileges: REVOKE privilege ON object FROM user.
- Consider temporarily locking the account if available in your Db2 version.
- Review and update IP restrictions for database access.
- Implement more granular access controls based on the Principle of Least Privilege.
- Enable or review audit logging to monitor future database activity.
- Consider implementing multi-factor authentication if supported in your environment.
- Update connection strings in applications that use the compromised credentials.