SQLVulnerabilityAssessment.yaml
version: 1
ATT&CK version: 8.2
creation date: 03/24/2021
name: SQL Vulnerability Assessment
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: Azure
tags:
  - Azure Defender for SQL
  - Database
description: >-
  SQL vulnerability assessment is a service that provides visibility into your security state. The
  service employs a knowledge base of rules that flag security vulnerabilities. It highlights
  deviations from best practices, such as misconfigurations, excessive permissions, and unprotected
  sensitive data.
techniques:
  - id: T1190
    name: Exploit Public-Facing Application
    technique-scores:
      - category: Protect
        value: Minimal
        comments: >-
          This control provides recommendations to patch if SQL Server is out of date and to disable
          unneeded features to reduce exploitable surface area.
  - id: T1078
    name: Valid Accounts
    technique-scores:
      - category: Protect
        value: Minimal
    sub-techniques-scores:
      - sub-techniques:
          - id: T1078.001
            name: Default Accounts
        scores:
          - category: Protect
            value: Partial
            comments: >-
              This control may provide recommendations to disable default accounts and restrict
              permissions for existing accounts.
  - id: T1505
    name: Server Software Component
    technique-scores:
      - category: Protect
        value: Minimal
    sub-techniques-scores:
      - sub-techniques:
          - id: T1505.001
            name: SQL Stored Procedures
        scores:
          - category: Protect
            value: Partial
            comments: This control may scan for users with unnecessary access to SQL stored procedures.
  - id: T1068
    name: Exploitation for Privilege Escalation
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          This control may scan for users with unnecessary permissions and check whether SQL Server
          is out of date.
  - id: T1112
    name: Modify Registry
    technique-scores:
      - category: Protect
        value: Minimal
        comments: >-
          This control may scan for any stored procedures that can access the Registry and check
          that permission to execute those stored procedures has been revoked from all users (other
          than dbo).
comments: >-
  All scores are capped at Partial since this control provides recommendations rather than
  applying/enforcing the recommended actions.
references:
  - 'https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment'
  - >-
    https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules