Database Contexts

These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups for databases as match conditions in IDP policy rules.

Service Contexts: MS-SQL

The table displays the security context details for MS-SQL:

Table 1: Service Contexts: MS-SQL

| Context and Direction | Description | Example of Contexts |
| --- | --- | --- |
| mssql-0x12 (CTS) | Matches the content of an MS-SQL type 0x12 request message. | |
| mssql-cancel (CTS) | Matches the content of an MS-SQL cancel message. | |
| mssql-login (CTS) | Matches the content of an MS-SQL login message. | MSSQL TDS7 login packet showing header info, highlighted login data in hex and ASCII, used for debugging and analysis. |
| mssql-login-app (CTS) | Matches the name of the application in an MS-SQL login message. | MSSQL transaction field showing TCP packet details for TDS7 login; Source Port 50399, Destination Port 1433, Seq 868843253, Ack 1016878433, Length 246 bytes. TDS7 Login Packet includes Client name SA-NC-MFG-239, Username WinCCConnect, Password 2WSXcder, App name SQL Query Analyzer, Server name SNAKE. Context: mssql-login-app pattern identifying SQL Query Analyzer. |
| mssql-login-client (CTS) | Matches the name of the client in an MS-SQL login message. | MSSQL transaction showing TCP packet for TDS login: Source Port 50399, Dest Port 1433, Seq 868843253, Ack 1016878433, Length 246. Client Name SA-NC-MFG-239, Username WinCCConnect, Password 2WSXcder, App Name SQL Query Analyzer, Server Name SNAKE, Library Name ODBC. |
| mssql-login-database (CTS) | Matches the name of the database in an MS-SQL login message. | |
| mssql-login-language (CTS) | Matches the name of the language in an MS-SQL login message. | |
| mssql-login-lib (CTS) | Matches the name of the library in an MS-SQL login message. | MSSQL TCP packet showing source port 50399, destination port 1433, and TDS7 login details with username WinCCConnect and server name SNAKE. |
| mssql-login-pass (CTS) | Matches the password in an MS-SQL login message. | TCP packet details in MSSQL transaction with TDS7 login: Client name SA-NC-MFG-239, Username WinCCConnect, Password highlighted as sensitive. |
| mssql-login-server (CTS) | Matches the name of the server in an MS-SQL login message. | MSSQL transaction field showing TCP packet details with source port 50399, destination port 1433, and TDS7 login info. Client name: SA-NC-MFG-239, username: WinCCConnect, server name: SNAKE. |
| mssql-login-user (CTS) | Matches the name of the user in an MS-SQL login message. | TCP segment with source port 1035 and destination port 1433. TDS7 login packet of 152 bytes with username sa, app SQL Query Analyzer, server SNAKE, library ODBC. Context: mssql-login-user pattern sa. |
| mssql-query (CTS) | Matches the content of an MS-SQL query message. | MSSQL transaction field example showing TCP and TDS query packet details; key elements: source port 1175, destination port 1433, sequence number 3017454680, acknowledgment number 1346858528, length 60; TDS SQL batch query set quoted_identifier off. |
| mssql-request-other (CTS) | Matches the content of an MS-SQL unknown request message. | |
| mssql-rpc (CTS) | Matches the content of an MS-SQL RPC message. | |
| mssql-rpc-name (CTS) | Matches the RPC name in an MS-SQL request message. | |
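
Each mssql-login-* context above corresponds to one string field of the TDS7 login (LOGIN7) message. The Python sketch below is an added example, not Juniper code: it reads the LOGIN7 offset/length table as laid out in the MS-TDS specification and returns each string under the context name the table describes for it. The context-to-field pairing, the function names and the sample packet (constructed from the strings visible in the example captures, with the password slot left empty) are assumptions of this example.

```python
import struct

# Slot index in the LOGIN7 offset/length table (MS-TDS) for each context.
# The context-to-field pairing is this example's assumption from the table above.
SLOTS = {
    "mssql-login-client": 0,    # HostName
    "mssql-login-user": 1,      # UserName (slot 2, the obfuscated password, is skipped)
    "mssql-login-app": 3,       # AppName
    "mssql-login-server": 4,    # ServerName
    "mssql-login-lib": 6,       # CltIntName (client library)
    "mssql-login-language": 7,  # Language
    "mssql-login-database": 8,  # Database
}
TDS_HDR, FIXED, TABLE_END = 8, 36, 94  # TDS header, fixed LOGIN7 part, first data byte (TDS 7.2+)

def parse_login7(pkt: bytes) -> dict:
    """Return {context: value} for a LOGIN7 message carried in one TDS packet."""
    if len(pkt) < TDS_HDR or pkt[0] != 0x10:           # 0x10 = TDS7 login packet type
        raise ValueError("not a TDS7 login packet")
    declared = struct.unpack(">H", pkt[2:4])[0]        # total length, big-endian
    body = pkt[TDS_HDR:declared]
    if len(body) < FIXED + 9 * 4:
        raise ValueError("LOGIN7 offset table missing")
    out = {}
    for ctx, slot in SLOTS.items():
        off, nchars = struct.unpack_from("<HH", body, FIXED + 4 * slot)
        end = off + 2 * nchars                         # lengths count UCS-2 characters
        if end > len(body):
            raise ValueError(f"{ctx}: field runs past end of packet")
        out[ctx] = body[off:end].decode("utf-16-le")
    return out

def build_sample_login7() -> bytes:
    """Constructed packet; strings are the ones visible in the example captures."""
    vals = ["SA-NC-MFG-239", "WinCCConnect", "", "SQL Query Analyzer",
            "SNAKE", "", "ODBC", "", ""]
    table, data = b"", b""
    for v in vals:
        table += struct.pack("<HH", TABLE_END + len(data), len(v))
        data += v.encode("utf-16-le")
    body = bytes(FIXED) + table + bytes(TABLE_END - FIXED - len(table)) + data
    body = struct.pack("<I", len(body)) + body[4:]     # LOGIN7 Length field
    return struct.pack(">BBHHBB", 0x10, 0x01, TDS_HDR + len(body), 0, 1, 0) + body

if __name__ == "__main__":
    for ctx, value in parse_login7(build_sample_login7()).items():
        print(f"{ctx:22} {value!r}")
```

A login that spans several TDS packets would have to be reassembled before parsing; the sketch handles the single-packet case only.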

Service Contexts: MySQL

The table displays the security context details for MySQL:

Table 2: Service Contexts: MySQL

| Context and Direction | Description | Example of Contexts |
| --- | --- | --- |
| mysql-login-request-caps (CTS) | Matches the MySQL Login Request Caps Data. | MySQL transaction field showing MySQL protocol packet: TCP details with source port 47142, destination port 3306, and MySQL login request for user root. |
| mysql-login-request-caps-pswd (CTS) | Matches the MySQL Login Request Caps Password. | MySQL transaction field showing MySQL login request details with TCP info, username root, and highlighted password hash for analysis. |
| mysql-login-request-caps-user (CTS) | Matches the MySQL Login Request Caps Username. | MySQL transaction login request example showing packet details, client capabilities, username root, and hashed password. |
| mysql-preamble (ANY) | Matches the first 4 bytes of the packet. | |
| mysql-req-command (CTS) | Matches the MySQL Request Command. | MySQL login request example showing protocol packet length 24, number 1, client capabilities 0x248d, MAX packet 0, username root, password 575c40414d4a444700, context mysql-req-command pattern root. |
| mysql-response (STC) | Matches the MySQL Response. | MySQL server response analysis showing protocol packet length 52, packet number 0, server protocol 10, version 4.0.23_Debian-3-log, thread ID 16, salt l\fmqmS4, server capabilities 0x202c, with context pattern Debian. |
| mysql-server-greeting (STC) | Matches the MySQL Server Greeting Data. | MySQL transaction field showing Server Greeting with details: Packet Length 52, Packet Number 0, Protocol 10, Version 4.0.23_Debian-3-log, Thread ID 16, Salt l\fmqmS4, Server Capabilities 0x202c. Pattern Debian identified for analyzing server responses. |
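
The server greeting shown for mysql-server-greeting can be decoded field by field, which also shows what the four bytes matched by mysql-preamble are: the 3-byte payload length and the 1-byte packet number. The Python sketch below is an added example, not Juniper code. The function names are hypothetical, and the sample packet is constructed from the values in the example capture, with the character set, status and filler bytes made up and the salt's backslash assumed to be a literal character.

```python
import struct

def parse_greeting(pkt: bytes) -> dict:
    """Parse a protocol-10 MySQL server greeting (first server-to-client packet)."""
    if len(pkt) < 4:
        raise ValueError("shorter than the 4-byte packet header")
    # Packet header: 3-byte little-endian payload length, then 1-byte packet number.
    length, number = int.from_bytes(pkt[:3], "little"), pkt[3]
    payload = pkt[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("empty or truncated payload")
    if payload[0] != 10:
        raise ValueError("not a protocol-10 greeting")
    nul = payload.index(0, 1)            # end of the NUL-terminated version string
    if nul + 16 > length:
        raise ValueError("too short for thread ID, salt and capabilities")
    thread_id, = struct.unpack_from("<I", payload, nul + 1)
    caps, = struct.unpack_from("<H", payload, nul + 14)   # after salt and one filler byte
    return {"length": length, "number": number, "protocol": payload[0],
            "version": payload[1:nul].decode("ascii", "replace"),
            "thread_id": thread_id, "salt": payload[nul + 5:nul + 13], "caps": caps}

def build_sample_greeting() -> bytes:
    """Constructed greeting using the values shown in the example capture."""
    payload = (bytes([10]) + b"4.0.23_Debian-3-log\x00"
               + struct.pack("<I", 16)          # thread ID
               + b"l\\fmqmS4" + b"\x00"         # 8-byte salt, then filler
               + struct.pack("<H", 0x202C)      # server capabilities
               + bytes([8])                     # character set (constructed value)
               + struct.pack("<H", 2)           # server status (constructed value)
               + bytes(13))                     # reserved filler
    return len(payload).to_bytes(3, "little") + bytes([0]) + payload

if __name__ == "__main__":
    for key, value in parse_greeting(build_sample_greeting()).items():
        print(f"{key:10} {value!r}")
```

With these field sizes the constructed payload comes to 52 bytes, the same packet length the capture reports.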