Skip to content

DB2 Credentials

Service Name: IBM Db2

Service Description: IBM Db2 is a family of data management products, including database servers, developed by IBM. It is a relational database management system (RDBMS) designed to store, analyze and retrieve data efficiently.

Service Address: https://www.ibm.com/products/db2

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the database level through firewall settings and Db2 configuration.

Secret Access Scope: Grants access to Db2 databases and allows for data manipulation, schema changes, and administrative operations depending on the user's permissions.

Secret Revokement URL: https://www.ibm.com/docs/en/db2/11.5?topic=privileges-revoking

Secret Example: db2inst1:p@ssw0rd123!

Suspicious Activity Investigation Instructions:

  • Review Db2 audit logs for unusual query patterns or data access.
  • Check for unauthorized schema changes or table modifications.
  • Monitor for large data exports or unusual query volume.
  • Examine connection logs for access from unexpected IP addresses or during unusual hours.
  • Look for privilege escalation attempts or unauthorized administrative operations.

Mitigation Instructions:

  • Immediately change the compromised user's password using the ALTER USER command.
  • Revoke any excessive privileges: REVOKE privilege ON object FROM user.
  • Consider temporarily locking the account if available in your Db2 version.
  • Review and update IP restrictions for database access.
  • Implement more granular access controls based on the Principle of Least Privilege.
  • Enable or review audit logging to monitor future database activity.
  • Consider implementing multi-factor authentication if supported in your environment.
  • Update connection strings in applications that use the compromised credentials.