Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Disabling an account on unexpected SQL Statement Expand / Collapse
Author
Message
Posted Monday, October 1, 2012 1:40 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, October 30, 2012 5:10 AM
Points: 28, Visits: 35
Hi Folks,

Wondering if anyone had any ideas on this dilema?

I want to be able to trace code through my database, looking for certain patterns of sql code.

If the code being run, does not look genuine, i want to be able to lock the account that is sending it.

I am considering looking at the dmv's and pulling out the running queries and then locking the account, and send an alert.

Are there better ways of doing this?

Thanks.
Post #1366347
Posted Wednesday, October 3, 2012 6:27 AM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Monday, September 15, 2014 8:57 AM
Points: 6,624, Visits: 1,872
Can you give an example of code not looking genuine? SELECT queries and execution of stored procedures would be hard to manipulate in this way as they don't fire DML triggers. You might be able to do something with extended events or via the results of traces, but if you use a trace, there's always going to be a lag.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #1367615
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse