With our focus on SQL Attacks this month, I naturally think about what data is being attacked as well. StealthAUDIT’s SQL Solution Set can show us a lot of valuable information but collects even more than what immediately shows.
StealthAUDIT Data Views are my go-to tool when I want advanced manipulation of data for an export. Some of these are immediately available, and others must be “turned on” for viewing in the job tree.
First, an analysis must be configured; here I’ve chosen the SQL_SensitiveDataScan job because it’s associated with the data I want. Select Create Analysis from Jobs > SQL > 0.Collection > 1-SQL_SensitiveDataScan > Configure > Analysis
Here we’ll want to select SQLscripting from the Analysis Module drop-down, and then click the Configure Analysis option beside it:
(I typically use the description here to designate what table/view is being used)
Now populate the Table Name field with your desired table/view, place the table/view name within the brackets in the query below, click Save and Close and save then save the Analysis:
Here we don’t have to rerun the job because the data has already been processed, but we will need to refresh the job. Simply right-click the job itself and select Refresh Tree:
Our table/view should now be available within the Results node of the job. Once selected the data will be available in the right-hand pane for either immediate export (right-click the table/view name), or it can be sorted or filtered interactively. The column headers can be dragged to the top for easy grouping, organized right to left as desired, or even removed; all without affecting the data itself:
Finally, the dropdowns on each column header provide advanced filtering capabilities. Here I’ve grouped by criteria_name (sensitive data type), where I can see counts of each sensitive data type but would like to set a custom filter like so:
This custom filter allows me to set the filter type, and can use ‘ _ ’ or ‘ * ’ for wildcarding:
To learn more about how STEALTHbits enables organizations to manage and secure Microsoft SQL servers and databases, click here: https://www.stealthbits.com/sql-server-auditing
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Jeff is a Senior Engineer at Stealthbits.