Detect common shell utilities, HTTP utilities, or shells spawned by a database process (e.g., MySQL, PostgreSQL, MongoDB).
Attacks on databases often take advantage of oversights in I/O sanitization and validation to run attacker-supplied statements and commands. For example, such an attack could take the form of database query injection, which can signal the beginning of an intrusion and a wider attack in which the attacker establishes a web shell or exfiltrates data. This detection triggers when common shell utilities, HTTP utilities, or shells are spawned by one of a set of database processes (e.g., MySQL, MongoDB, PostgreSQL). This is atypical behavior for a database. If it is unexpected, it could indicate an attacker attempting to compromise your database or host machine.
Requires Agent version 7.27 or greater
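The parent/child check described above, as an added Python example that is not Datadog's rule definition: it flags shells, HTTP utilities and shell utilities running under a database process, and goes one step beyond the direct parent by walking the ancestry so that tools launched from a spawned shell are also caught. The process name lists, event fields and sample events are assumptions constructed for illustration.

```python
import os

# Assumed name lists for illustration; not the lists used by the actual rule.
DB_PROCESSES = {"mysqld", "mariadbd", "postgres", "mongod"}
SUSPICIOUS = {
    "shell": {"sh", "bash", "dash", "zsh"},
    "http_utility": {"curl", "wget"},
    "shell_utility": {"whoami", "id", "uname", "nc", "cat"},
}

# Constructed sample exec events (not real telemetry), in time order.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "path": "/usr/sbin/mysqld"},
    {"pid": 200, "ppid": 1, "path": "/usr/sbin/sshd"},
    {"pid": 201, "ppid": 200, "path": "/bin/bash"},      # admin login shell
    {"pid": 202, "ppid": 201, "path": "/usr/bin/curl"},  # no database ancestor
    {"pid": 300, "ppid": 100, "path": "/bin/sh"},        # shell spawned by mysqld
    {"pid": 301, "ppid": 300, "path": "/usr/bin/wget"},  # HTTP utility under it
    {"pid": 302, "ppid": 100, "path": "/usr/bin/my_print_defaults"},  # benign
]

def classify(path):
    """Return the category of a suspicious executable, or None."""
    for category, names in SUSPICIOUS.items():
        if os.path.basename(path) in names:
            return category
    return None

def detect(events):
    """Return findings for suspicious execs that have a database ancestor."""
    procs, findings = {}, []  # procs maps pid -> (ppid, executable name)
    for ev in events:
        name = os.path.basename(ev["path"])
        procs[ev["pid"]] = (ev["ppid"], name)
        category = classify(ev["path"])
        if category is None:
            continue
        # Walk up the process tree; 'seen' guards against pid-reuse loops.
        pid, seen, depth = ev["ppid"], set(), 0
        while pid in procs and pid not in seen:
            seen.add(pid)
            ppid, pname = procs[pid]
            depth += 1
            if pname in DB_PROCESSES:
                findings.append({"pid": ev["pid"], "exe": name, "category": category,
                                 "database": pname, "depth": depth})
                break
            pid = ppid
    return findings
```

A `depth` of 1 means the database process is the direct parent, which is the case the rule text describes. Jobs that legitimately shell out from a database host (for example backup or archive hooks) would need to be reviewed and excluded before alerting on this.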