Security Hub

Bring your software development workflows to security

MySQL

MySQL data exfiltration

Enterprise

Signals & Triggers

On MySQL database access
If unusual high volume of outbound data

Actions

  • block database access block database access
  • block incoming http request block incoming http request
  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook

Details

Data exfiltration or data leaks are one of the most harmful categories of attack a business can experience. This plugin prevents data leaks by monitoring unusual volumes of data coming out of a database by application route.

In order to define the traffic baseline, this plugin will learn over several days before starting to alert. On top of that, you can define volume thresholds per application route.

Advanced details

On database requests, this plugin watches SQL queries executed by the database from the application and monitors the size of outbound data per IP or UserID (when Sqreen SDK is installed).

If the amount of data exceeds a triggering volume (threshold) or varies in an unusual way compared to the regular traffic, an attack will trigger.

No traffic redirection is made, the data analysis is performed within the application.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals
  • Volume of outbound data

On attack
  • Request volume
  • Attacker IP
  • Attacker account (with Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

$ curl -s https://8dc0b36f0ea6f2f21b721765e10a7e02768cd1825b4551f4:@packagecloud.io/install/repositories/sqreen/sqreen/script.deb.sh | bash

$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension

$ /usr/lib/sqreen/sqreen-installer config {your token}

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

 

// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required Get started Request demo