SQL Injection

Back


Id	96ec9a28-ffd9-4aa6-a569-b1a53731fda3
Rulename	SQL Injection
Description	Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker’s code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user’s browser.
Severity	Medium
Tactics	Impact
Techniques	T1516
Required data connectors	ContrastADR
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml
Version	1.0.0
Arm template	96ec9a28-ffd9-4aa6-a569-b1a53731fda3.json

KQL

ContrastADR_CL | where rule_s == "reflected-xss"

YAML

description: |
    'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'
tactics:
- Impact
requiredDataConnectors:
- connectorId: ContrastADR
  dataTypes:
  - ContrastADR_CL
queryPeriod: 5m
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml
query: ContrastADR_CL | where rule_s == "reflected-xss"
version: 1.0.0
entityMappings:
- entityType: URL
  fieldMappings:
  - columnName: uiUrl_s
    identifier: Url
id: 96ec9a28-ffd9-4aa6-a569-b1a53731fda3
kind: Scheduled
relevantTechniques:
- T1516
severity: Medium
triggerThreshold: 0
triggerOperator: gt
name: SQL Injection
queryFrequency: 5m
status: Available

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
      "properties": {
        "alertRuleTemplateName": "96ec9a28-ffd9-4aa6-a569-b1a53731fda3",
        "customDetails": null,
        "description": "'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'\n",
        "displayName": "SQL Injection",
        "enabled": true,
        "entityMappings": [
          {
            "entityType": "URL",
            "fieldMappings": [
              {
                "columnName": "uiUrl_s",
                "identifier": "Url"
              }
            ]
          }
        ],
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml",
        "query": "ContrastADR_CL | where rule_s == \"reflected-xss\"",
        "queryFrequency": "PT5M",
        "queryPeriod": "PT5M",
        "severity": "Medium",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [
          "Impact"
        ],
        "techniques": null,
        "templateVersion": "1.0.0",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}