mssqlreflection
Explanation
This event is triggered when the Netography Fusion Portal detects an MSSQL reflection attack. MSSQL reflection attacks are SQL injection attacks that target Microsoft SQL servers running on Windows operating systems.
What to Look For
To examine the results of the mssqlreflection event, look for any suspicious activity on the MSSQL server, such as unusual logins or attempts to execute unauthorized queries. It is also recommended to review the server's logs for any SQL injection attempts.
On the network, look for any suspicious traffic to or from the MSSQL server, especially if it is originating from an untrusted source. This traffic could indicate an ongoing attack.
Related MITRE ATT&CK Categories
Updated 4 days ago