Threat Detection in SQL Database

Threat Detection is a feature that detects anomalous database activities indicating potential security threats to your databases.
At the time of writing, Threat Detection is in preview and is supported for Azure SQL Database.

This feature adds a new security layer that lets database users detect and respond to potential threats by raising security alerts on anomalous actions. Users can then explore the suspicious events with Azure SQL Database Auditing to determine whether they result from an attempt to access or exploit data in the database. That is what makes Threat Detection a simple way to address potential threats to a database without needing to be a security expert or to run an advanced security monitoring system.

For Example:

SQL injection is one of the most common web application security issues on the Internet and is used to attack data-driven applications. Attackers take advantage of application vulnerabilities to inject malicious SQL statements into application entry fields, for example to modify data in the database.
Threat Detection helps here by detecting certain anomalous database activities that indicate potential SQL injection attempts.
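To make the injection pattern concrete, here is an added example (not code from the original post or from the Azure service): a login query built by string concatenation next to the same query with bound parameters. It uses Python's built-in sqlite3 so it runs offline; the users table, the credentials and the two payloads are constructed for the demo. The statement text each function returns is exactly what an audit log would record for that request.

```python
import sqlite3

# Constructed sample table and credentials (not from the original post).
# Plaintext passwords are used only to keep the demo short.
SAMPLE_USERS = [
    ("alice", "s3cret-alice", "user"),
    ("bob", "s3cret-bob", "user"),
    ("admin", "s3cret-admin", "admin"),
]


def make_db():
    """In-memory SQLite stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation.

    This is the injectable pattern: whatever the caller types becomes part of
    the SQL text, so a quote plus a comment marker rewrites the WHERE clause.
    Returns the statement (what an audit log records) and the matching rows.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sql, conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Same query with bound parameters: input is passed as data, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return sql, conn.execute(sql, (username, password)).fetchall()


# Two classic payloads typed into the username field of a login form.
BYPASS_AS_ADMIN = "admin' --"   # closes the literal, comments out the password check
DUMP_ALL_ROWS = "' OR 1=1 --"   # tautology makes the WHERE clause always true


if __name__ == "__main__":
    db = make_db()
    for payload in (BYPASS_AS_ADMIN, DUMP_ALL_ROWS):
        sql, rows = login_vulnerable(db, payload, "wrong-password")
        print("vulnerable   :", sql)
        print("  rows       :", rows)
        sql, rows = login_parameterized(db, payload, "wrong-password")
        print("parameterized:", sql)
        print("  rows       :", rows)
```

With the concatenated query the first payload logs in as admin without a password and the second returns every row; with bound parameters both payloads are just unusual usernames that match nothing. The `--` comment syntax behaves the same way in Azure SQL Database, which is why statements containing it from a web application are worth a second look in the audit log.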

Get started with SQL Database Threat Detection:

Step 1: Log in to the Azure portal with the credentials of your subscription.

Step 2: Go to the configuration blade of the SQL Database you want to monitor. In the Settings blade, select Auditing & Threat Detection.

Step 3: In the Auditing & Threat Detection configuration blade, turn auditing ON; this reveals the Threat Detection settings, since the alerts point you back to the audit records of the suspicious event. Then turn Threat Detection (preview) ON as well, enter the email addresses that should receive notifications, tick the option to also email service and co-administrators, and finally save.

Step 4: Explore the anomalous database activities once a suspicious event, such as a SQL injection attempt, is detected. You will receive an email notification when anomalous database activities are detected.
The email provides information on the suspicious security event, including the nature of the anomalous activity, the database name, the server name and the event time.
In addition, it suggests possible causes and recommended actions to investigate and mitigate the potential threat to the database.

Step 5: In the email, click the Azure SQL Auditing Log link, which launches the Azure portal and shows the relevant auditing records around the time of the suspicious event.

Step 6: Click an audit record to view more details about the suspicious database activity, such as the SQL statement, the failure reason and the client IP.

You can also click Open in Excel to open a pre-configured Excel template that imports the audit log and lets you run deeper analysis around the time of the suspicious event. In recent versions of Excel, the Power Query add-in and the Fast Combine setting are required.
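For the deeper analysis of Steps 5 and 6, here is an added example of the kind of triage a practitioner runs over exported audit records; it is not code from the original post, and the rules are a simple heuristic of my own, not the anomaly detection logic the Azure service uses. The records are constructed and carry the fields the post says the audit blade shows (event time, statement, success flag, failure reason, client IP); column names and the failure threshold are assumptions.

```python
import re
from collections import Counter

# Constructed audit records (not real Azure SQL audit output). Field names are
# assumed; the values model an attacker at 198.51.100.23 guessing logins and
# then probing the login query, plus two legitimate requests from 203.0.113.7.
AUDIT_RECORDS = [
    {"event_time": "2016-05-10T10:01:02Z", "client_ip": "203.0.113.7", "succeeded": True,
     "failure_reason": "",
     "statement": "SELECT username, role FROM users WHERE username = 'alice' AND password = 's3cret-alice'"},
    {"event_time": "2016-05-10T10:02:10Z", "client_ip": "198.51.100.23", "succeeded": False,
     "failure_reason": "Login failed for user 'sa'", "statement": ""},
    {"event_time": "2016-05-10T10:02:11Z", "client_ip": "198.51.100.23", "succeeded": False,
     "failure_reason": "Login failed for user 'admin'", "statement": ""},
    {"event_time": "2016-05-10T10:02:12Z", "client_ip": "198.51.100.23", "succeeded": False,
     "failure_reason": "Login failed for user 'webapp'", "statement": ""},
    {"event_time": "2016-05-10T10:05:30Z", "client_ip": "198.51.100.23", "succeeded": True,
     "failure_reason": "",
     "statement": "SELECT username, role FROM users WHERE username = '' OR 1=1 --' AND password = 'x'"},
    {"event_time": "2016-05-10T10:05:45Z", "client_ip": "198.51.100.23", "succeeded": False,
     "failure_reason": "All queries combined using a UNION operator must have an equal number of expressions",
     "statement": "SELECT username, role FROM users WHERE username = 'bob' UNION SELECT table_name FROM information_schema.tables --' AND password = 'x'"},
    {"event_time": "2016-05-10T10:06:00Z", "client_ip": "203.0.113.7", "succeeded": True,
     "failure_reason": "",
     "statement": "SELECT username, role FROM users WHERE username = 'o''brien' AND password = 'pw'"},
]

# Signature rules for statements a web application should never send. This is a
# deliberately small heuristic: it catches textbook payloads and will miss
# obfuscated ones, and a legitimate inline comment would also trip the last rule.
INJECTION_PATTERNS = [
    ("tautology (OR 1=1)", re.compile(r"'\s*or\s+1\s*=\s*1", re.I)),
    ("UNION SELECT", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("stacked statement", re.compile(r";\s*(drop|alter|exec|xp_)", re.I)),
    ("comment sequence", re.compile(r"--|/\*")),
]


def classify_statement(statement):
    """Return the names of every injection rule the statement matches."""
    return [name for name, rx in INJECTION_PATTERNS if rx.search(statement)]


def triage(records, failure_threshold=3):
    """Flag injection-looking statements and client IPs with repeated failures.

    The failure threshold is an assumed tuning value; three failures from one
    address in a short export is enough to merit a look, not proof of an attack.
    """
    suspects = []
    failures = Counter()
    for r in records:
        reasons = classify_statement(r["statement"])
        if reasons:
            suspects.append((r["event_time"], r["client_ip"], reasons))
        if not r["succeeded"]:
            failures[r["client_ip"]] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= failure_threshold}
    return {"injection_suspects": suspects, "failure_sources": noisy}


if __name__ == "__main__":
    result = triage(AUDIT_RECORDS)
    for when, ip, reasons in result["injection_suspects"]:
        print(f"{when} {ip} suspicious statement: {', '.join(reasons)}")
    for ip, n in result["failure_sources"].items():
        print(f"{ip}: {n} failed requests")
```

Run against the constructed records it flags the two probing statements and reports four failures from 198.51.100.23, while the `'o''brien'` lookup (a legitimately escaped quote) is left alone. The failure reason column is the useful clue on the UNION probe: the attacker's column count was wrong, which is exactly the kind of error burst that precedes a working payload.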

That’s all for today, keep on rocking.

#SQL #SQLdatabase #Azure