MySQL Credentials
Service Name: MySQL Database
Service Description: MySQL is an open-source relational database management system (RDBMS) that uses Structured Query Language (SQL) for adding, accessing, and managing content in a database.
Service Address: https://www.mysql.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the database level using MySQL's built-in access control mechanisms that allow connections only from specific IP addresses.
Secret Access Scope: Grants access to MySQL databases with the permissions assigned to the specific user account. This can range from read-only access to full administrative privileges depending on the user configuration.
Secret Revokement URL: Does not exist (managed through MySQL administration tools or direct SQL commands)
Secret Example: mysql://username:p@ssw0rd123!@hostname:3306/database_name
Suspicious Activity Investigation Instructions:
- Review MySQL server logs for unusual login attempts or query patterns
- Check for unexpected database schema changes or data modifications
- Monitor for unusual query volume or resource utilization
- Examine user activity during non-standard hours
- Look for connections from unexpected IP addresses
- Review any data exports or bulk operations
Mitigation Instructions:
- Immediately revoke the compromised user's access with: REVOKE ALL
PRIVILEGES, GRANT OPTION FROM 'username'@'hostname';
- Delete the compromised user account: DROP USER 'username'@'hostname';
- Create a new user with appropriate permissions
- Update application configuration files that contain the credentials
- Implement more restrictive IP-based access controls
- Enable enhanced logging to monitor future database activity
- Consider implementing database activity monitoring tools
- Review and update password policies to enforce stronger credentials
- Implement multi-factor authentication if available for your MySQL deployment