Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for Azure Database PostgreSQL

Azure Database PostgreSQL
Azure Database PostgreSQL icon

Coralogix Extension For Azure Database PostgreSQL Includes:

Alerts - 6

Stay on top of Azure Database PostgreSQL key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Multiple Failed Connection Attempts From an IP Address

This alert triggers when there are more than 5 failed connection attempts to the Azure PostgreSQL database in a 10-minutes interval from an IP address. Impact Multiple failed connection/login attempts in a short time frame might indicate a brute-force attack against the relevant account. Mitigation Check if the user/s are aware of the connection attempts and that these attempts are legit. If not, investigate this activity further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. MITRE Tactic: TA0006 MITRE Technique: T1110

Excessive ALTER Statement Executed

This alert detects the use of SQL alter statement. The alter statement is used to add, delete, or modify columns in an existing table. This alert can trigger potential false positives. Please consider fine-tuning it according to your specific machines or user groups. Impact After an adversary has access to your Azure PostgreSQL database and has the necessary permissions they can alter the database tables to modify, delete or add the existing records. They can thus escalate their privileges and maintain persistence in the network or disrupt an organization's business operations. Mitigation Validate if this action was legitimate. If not, revert the change and investigate it further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. MITRE Tactic: TA0003 MITRE Technique: T1505 MITRE Sub-Technique: 001

Excessive DROP Statement Executed

This alert detects the use of SQL drop statement. A drop statement is used to either delete an existing table in a database or delete a database itself. This alert can trigger potential false positives. Please consider fine-tuning it according to your specific machines or user groups. Impact After an adversary has access to your Azure PostgreSQL database and has the necessary permissions, it can insert new records in highly sensitive database tables. Mitigation Validate if this action was legitimate. If not, revert the change and investigate it further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. MITRE Tactic: TA0003 MITRE Technique: T1505 MITRE Sub-Technique: 001

Multiple 'Error' Log Type Seen From an IP Address

This alert triggers when more than 3 entries for the log type 'Error' are logged in a 10-minute interval. Impact Multiple entries for log type 'Error' could be an indication of malicious activity happening on the Azure PostgreSQL database. Mitigation Check with the user to validate if the action was legitimate and that they are aware of it. If not, investigate further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. MITRE Tactic: TA0006 MITRE Technique: T1110

Excessive DELETE Statement Executed

This alert detects the excessive use of the SQL delete statement in a specific time interval. The delete statement is used to delete existing records in a table. A user can either delete some records or all the records in a table. Impact After an adversary has access to your Azure PostgreSQL database and has the necessary permissions, it can delete database tables and records in order to disrupt an organization's business operations. Mitigation Validate if this action was legitimate. If not, revert the change and investigate it further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. 5. Check database user accounts for excessive privileges to delete database tables and records. MITRE Tactic: TA0003 MITRE Technique: T1505 MITRE Sub-Technique: 001

GRANT Statement Executed

This alert detects the use of a SQL grant statement. GRANT is a command used to provide access or privileges on the database objects to the users. This alert can trigger potential false positives. Please consider fine-tuning it according to your specific machines or user groups. Impact After an adversary has access to your Azure PostgreSQL database and has the necessary permissions they can grant the access rights to a user on critical database objects. Mitigation Validate if this action was legitimate. If not, revert the change and investigate it further. Additionally, administrators can consider the following recommendations to better secure PostgreSQL: 1. Require all PostgreSQL accounts to have a strong password. 2. Do not run PostgreSQL with root-level privileges. 3. If the PostgreSQL database is only used by local applications, remote access to the server should be disabled. 4. The PostgreSQL instance should be configured to only allow access to permitted hosts. MITRE Tactic: TA0003 MITRE Technique: T1505 MITRE Sub-Technique: 001

Integration

Learn more about Coralogix's out-of-the-box integration with Azure Database PostgreSQL in our documentation.

Read More
Schedule Demo