- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect common shell utilities, HTTP utilities, or shells spawned by a database process (e.g., MySQL, PostgreSQL, MongoDB).
Attacks on databases often take advantage of oversights in I/O sanitization and validation to run attacker statements and commands. For example, these attacks could take the form of database query injection, which can signal the beginning of an intrusion and wider attack, by establishing a web shell or exfiltrating data. This detection triggers when common shell utilities, HTTP utilities, or shells are spawned by one of a set of database processes (e.g., MySQL, MongoDB, PostgreSQL). This is atypical behavior for a database. If this is unexpected behavior, it could indicate an attacker attempting to compromise your database or host machine.
Requires Agent version 7.27 or greater