Security Hub

Bring your software development workflows to security

MySQL

MySQL data exfiltration

Signals & Triggers

On MySQL database access
If unusual high volume of outbound data

Actions

  • block database access Block database access
  • block incoming http request Block incoming http request
  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook

Details

Data exfiltration or data leaks are one of the most harmful categories of attack a business can experience. This plugin prevents data leaks by monitoring unusual volumes of data coming out of a database by application route.

In order to define the traffic baseline, this plugin will learn over several days before starting to alert. On top of that, you can define volume thresholds per application route.

Advanced details

On database requests, this plugin watches SQL queries executed by the database from the application and monitors the size of outbound data per IP or UserID (when Sqreen SDK is installed).

If the amount of data exceeds a triggering volume (threshold) or varies in an unusual way compared to the regular traffic, an attack will trigger.

No traffic redirection is made, the data analysis is performed within the application.

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

  • Volume of outbound data

On attack
  • Request volume
  • Attacker IP
  • Attacker account (with Sqreen SDK)

Build amazing products. Keep them safe.

Dive into Sqreen with our 14-day trial, and experience seamlessly security. Sign up Request demo