The Databases Dashboard shows the log activity from the Snare MSSQL agent that collects and monitors user activity on Microsoft SQL Instances and database servers. The Snare SQL agent can monitor many key aspects of the database and collect logs that cover all user administrative activity as well as normal user activity. In general the agent is mostly used to monitor just the DBA level or administrative user activity on the database as the applications usually has role based access controls in place to control what a user can do. A DBA or system administrator can override any technical controls from an application level as they have direct access to the database. The can run any form of database update, delete, truncate tables, export data out of the database procedures and change content all outside of the control of the application. While most DBAs and sysadmins are in trusted roles, if their access is compromised then the attacker can use their credentials to perform nefarious activity. Understanding and knowing of what activity is approved and what is not on the database helps to detect any unauthorized changes or a loss of confidentiality to sensitive data. Some parts of the dashboard only show data for the last 4 hours as some SQL systems can generate massive events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.
The key aspects of the dashboard are:
...