MSSQL Credentials
Service Name: Microsoft SQL Server
Service Description: Microsoft SQL Server is a relational database management system developed by Microsoft. It is a software product with the primary function of storing and retrieving data as requested by other software applications.
Service Address: https://www.microsoft.com/en-us/sql-server/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the SQL Server level using firewall rules or network security groups if hosted in Azure.
Secret Access Scope: Grants access to SQL Server databases with permissions defined by the user's role assignments.
Secret Revokement URL: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/drop-login
Secret Example: Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;
Suspicious Activity Investigation Instructions:
- Review SQL Server audit logs for unusual login attempts or query patterns
- Check for unexpected database schema changes or data modifications
- Monitor for unusual query volume or resource utilization
- Examine login times and source IP addresses for anomalies
- Review permissions changes or role assignments
Mitigation Instructions:
- Change the password for the compromised SQL Server login immediately
- Revoke any unnecessary permissions from the affected account
- Consider implementing SQL Server Always Encrypted for sensitive data
- Enable SQL Server auditing to track future access and changes
- Implement more restrictive firewall rules to limit access by IP address
- Review and update your password policy to require stronger credentials
- Consider implementing multi-factor authentication if available
- Rotate credentials regularly as part of security best practices