mssql_brute_internal_external

Explanation

This event is triggered by Netography's Fusion Portal when it detects a brute force password guessing attack against a MSSQL server. This event specifically looks for activity emanating from your network toward MSSQL servers on the Internet.

What to Look For

Brute force attacks launched from your network may be an indication that your network is compromised. Investigate hosts that are the source of this sort of activity in order to make sure that it is authorized and expected, and the hosts have not been compromised.

Related MITRE ATT&CK Categories

Brute Force, Technique T1110 - Enterprise