Azure SQL Database – Detecting Threats

At first I was nervous, but then I realized it was me triggering the “Someone has logged on to your server from an unusual location” message against my Azure SQL database. The process of investigating the “rogue” login didn’t help with what Microsoft offered; I mean, it seems hit and miss whether I get routed to the correct audit information via the investigation steps.

Look at the email generated.

[Image: mythreats]

You may or may not know the login involved (when you get an email). I think I did, but I wanted to investigate further as mentioned by the investigation steps – ‘view suspicious activity to validate whether it is legitimate’, so I clicked it.

[Image: noaudit]

Well, that was useful, right? Anyways, I get the email more or less in real time, so I connected to the database and issued a common query to find any logins starting with sql.

-- Current sessions for logins whose name starts with 'sql'
SELECT login_time, login_name, program_name, host_name, database_id, status
FROM sys.dm_exec_sessions
WHERE login_name LIKE 'sql%';

[Image: connecsys]

It was absolutely me.
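
An added example, not part of the original post: the alert is about where the login came from, and host_name in sys.dm_exec_sessions is a value the client supplies, so this variant joins to sys.dm_exec_connections to show the network address of each live session for comparison with the alert email. It keeps the post's 'sql%' filter and assumes the caller has VIEW DATABASE STATE on the database.

```sql
-- Added example: live sessions for the login, with each connection's source address.
-- Requires VIEW DATABASE STATE on the Azure SQL database.
SELECT  s.session_id,
        s.login_time,
        s.login_name,
        s.program_name,
        s.host_name,            -- reported by the client; do not treat as proof of origin
        c.client_net_address,   -- address the connection actually came from
        c.connect_time,
        c.auth_scheme,          -- SQL or another authentication scheme
        c.encrypt_option,
        s.status
FROM    sys.dm_exec_sessions    AS s
JOIN    sys.dm_exec_connections AS c
        ON c.session_id = s.session_id
WHERE   s.login_name LIKE 'sql%'          -- same filter as the query in the post
  AND   c.parent_connection_id IS NULL    -- one row per session when MARS is in use
ORDER BY s.login_time DESC;
```

Like the post's query, this only sees sessions that are still connected, so it has to be run while the login from the alert is open.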

 

 
