MySQL Connection String
Service Name: MySQL
Service Description: MySQL is an open-source relational database management system (RDBMS) that uses Structured Query Language (SQL) for adding, accessing, and managing content in a database.
Service Address: https://www.mysql.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the database level through MySQL's user privilege system, allowing connections only from specific IP addresses.
Secret Access Scope: Grants direct access to MySQL databases with the privileges assigned to the specified user account.
Secret Revokement URL: Does not exist (managed through MySQL administration tools)
Secret Example: mysql://username:password@hostname:3306/database_name
Suspicious Activity Investigation Instructions:
- Review MySQL server logs for unusual login attempts or query patterns
- Check for unexpected database schema changes or data modifications
- Monitor for unusual query volume or resource consumption
- Examine connection logs for access from unexpected IP addresses or during unusual hours
- Review user privilege changes in the MySQL user tables
Mitigation Instructions:
- Immediately change the password for the affected user account using: ALTER
USER 'username'@'hostname' IDENTIFIED BY 'new_password';
- Consider revoking and recreating the user with appropriate privileges: DROP
USER 'username'@'hostname'; CREATE USER 'username'@'hostname' IDENTIFIED
BY 'new_password';
- Restrict the user's connection privileges to specific IP addresses: GRANT
privileges ON database.* TO 'username'@'specific_ip';
- Enable MySQL audit logging to track future access and activity
- Review and minimize the privileges assigned to the user account
- Consider implementing connection encryption (SSL/TLS) if not already in use
- Rotate all database credentials that may have been compromised