SQL Injection

Back


Id	96ec9a28-ffd9-4aa6-a569-b1a53731fda3
Rulename	SQL Injection
Description	Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker’s code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user’s browser.
Severity	Medium
Tactics	Impact
Techniques	T1516
Required data connectors	ContrastADR
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml
Version	1.0.0
Arm template	96ec9a28-ffd9-4aa6-a569-b1a53731fda3.json

KQL

ContrastADR_CL | where rule_s == "reflected-xss"

YAML

queryPeriod: 5m
kind: Scheduled
version: 1.0.0
name: SQL Injection
relevantTechniques:
- T1516
severity: Medium
description: |
    'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'
requiredDataConnectors:
- connectorId: ContrastADR
  dataTypes:
  - ContrastADR_CL
query: ContrastADR_CL | where rule_s == "reflected-xss"
tactics:
- Impact
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml
entityMappings:
- fieldMappings:
  - identifier: Url
    columnName: uiUrl_s
  entityType: URL
triggerThreshold: 0
id: 96ec9a28-ffd9-4aa6-a569-b1a53731fda3
triggerOperator: gt
queryFrequency: 5m
status: Available

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
      "properties": {
        "alertRuleTemplateName": "96ec9a28-ffd9-4aa6-a569-b1a53731fda3",
        "customDetails": null,
        "description": "'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'\n",
        "displayName": "SQL Injection",
        "enabled": true,
        "entityMappings": [
          {
            "entityType": "URL",
            "fieldMappings": [
              {
                "columnName": "uiUrl_s",
                "identifier": "Url"
              }
            ]
          }
        ],
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml",
        "query": "ContrastADR_CL | where rule_s == \"reflected-xss\"",
        "queryFrequency": "PT5M",
        "queryPeriod": "PT5M",
        "severity": "Medium",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [
          "Impact"
        ],
        "techniques": null,
        "templateVersion": "1.0.0",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}