version: 1
ATT&CK version: 8.2
creation date: 03/24/2021
name: SQL Vulnerability Assessment
contact: ctid@mitre-engenuity.org
organization: Center for Threat Informed Defense (CTID)
platform: Azure
tags:
  - Azure Defender for SQL
  - Database
description: >-
  SQL vulnerability assessment is a service that provides visibility into your security state.
  The service employs a knowledge base of rules that flag security vulnerabilities. It highlights
  deviations from best practices, such as misconfigurations, excessive permissions, and
  unprotected sensitive data.
techniques:
  - id: T1190
    name: Exploit Public-Facing Application
    technique-scores:
      - category: Protect
        value: Minimal
        comments: >-
          This control provides recommendations to patch if SQL server is out of date and to
          disable unneeded features to reduce exploitable surface area.
  - id: T1078
    name: Valid Accounts
    technique-scores:
      - category: Protect
        value: Minimal
    sub-techniques-scores:
      - sub-techniques:
          - id: T1078.001
            name: Default Accounts
        scores:
          - category: Protect
            value: Partial
            comments: >-
              This control may provide recommendations to disable default accounts and restrict
              permissions for existing accounts.
  - id: T1505
    name: Server Software Component
    technique-scores:
      - category: Protect
        value: Minimal
    sub-techniques-scores:
      - sub-techniques:
          - id: T1505.001
            name: SQL Stored Procedures
        scores:
          - category: Protect
            value: Partial
            comments: This control may scan for users with unnecessary access to SQL stored procedures.
  - id: T1068
    name: Exploitation for Privilege Escalation
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          This control may scan for users with unnecessary permissions and if SQL Server is out
          of date.
  - id: T1112
    name: Modify Registry
    technique-scores:
      - category: Protect
        value: Minimal
        comments: >-
          This control may scan for any stored procedures that can access the Registry and
          checks that permission to execute those stored procedures has been revoked from all
          users (other than dbo).
comments: >-
  All scores are capped at Partial since this control provides recommendations rather than
  applying/enforcing the recommended actions.
references:
  - 'https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment'
  - >-
    https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-rules