mssqlreflection

Suggest Edits

Explanation

This event is triggered when the Netography Fusion Portal detects an MSSQL reflection attack. MSSQL reflection attacks are SQL injection attacks that target Microsoft SQL servers running on Windows operating systems.

What to Look For

To examine the results of the mssqlreflection event, look for any suspicious activity on the MSSQL server, such as unusual logins or attempts to execute unauthorized queries. It is also recommended to review the server's logs for any SQL injection attempts.

On the network, look for any suspicious traffic to or from the MSSQL server, especially if it is originating from an untrusted source. This traffic could indicate an ongoing attack.

Related MITRE ATT&CK Categories

Network Denial of Service, Technique T1498 - Enterprise

Updated 13 days ago