ContrastADR_CL | where rule_s == "reflected-xss"
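# Microsoft Sentinel scheduled analytic rule for the Contrast ADR connector:
# raises a Medium-severity alert whenever the ContrastADR_CL table reports a
# "reflected-xss" finding. Indentation restored (the pasted copy had lost it).
requiredDataConnectors:
  - connectorId: ContrastADR
    dataTypes:
      - ContrastADR_CL
tactics:
  - Impact
# NOTE: with a literal block scalar the surrounding single quotes and the
# trailing newline become part of the value (the rendered deployment template
# below shows the description as '...'\n); drop the quotes if a clean string is
# wanted.
description: |
  'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'
# Every row in ContrastADR_CL tagged with the reflected-xss rule.
query: ContrastADR_CL | where rule_s == "reflected-xss"
id: 96ec9a28-ffd9-4aa6-a569-b1a53731fda3
# "gt" with triggerThreshold 0: a single matching row in the lookback window
# fires the alert.
triggerOperator: gt
# NOTE(review): the rendered template below carries "techniques": null, so this
# ID may not have been accepted by the packaging tooling; T1516 appears to be an
# ATT&CK Mobile technique ID — confirm against the enterprise ATT&CK matrix.
relevantTechniques:
  - T1516
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml
queryFrequency: 5m
severity: Medium
# Map the finding's UI link to a URL entity so the alert carries it.
entityMappings:
  - entityType: URL
    fieldMappings:
      - identifier: Url
        columnName: uiUrl_s
# Fixed: the query, description and source file name all concern reflected
# cross-site scripting, but the rule was named "SQL Injection", which mislabels
# every alert it raises. The generated deployment template below still shows
# displayName "SQL Injection" and needs regenerating.
name: Cross-site Scripting
# NOTE(review): the lookback equals the run interval, so rows ingested after a
# window closes are never evaluated; a queryPeriod longer than queryFrequency
# is the usual way to tolerate ingestion latency — confirm with the connector.
queryPeriod: 5m
kind: Scheduled
triggerThreshold: 0
version: 1.0.0
status: Available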
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/96ec9a28-ffd9-4aa6-a569-b1a53731fda3')]",
"properties": {
"alertRuleTemplateName": "96ec9a28-ffd9-4aa6-a569-b1a53731fda3",
"customDetails": null,
"description": "'Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.'\n",
"displayName": "SQL Injection",
"enabled": true,
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"columnName": "uiUrl_s",
"identifier": "Url"
}
]
}
],
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ContrastADR/Analytic Rules/Contrast_ADR_Cross-site_Scripting.yaml",
"query": "ContrastADR_CL | where rule_s == \"reflected-xss\"",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"severity": "Medium",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT1H",
"suppressionEnabled": false,
"tactics": [
"Impact"
],
"techniques": null,
"templateVersion": "1.0.0",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}