File integrity monitoring and SQL injection prevention?

Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

So, if you need to detect and possibly prevent, how would differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

How would we differentiate the difference between this activity? Session_Id with Src_IP with a whitelist?

Find more posts tagged with

Comments

TacoRocket

What HIDS are you using? It would depend on the activity and the engine being used.

Remedymp wrote: »

Is anyone here familiar with File Integrity monitoring and SQL Injection prevention on Databases using HIDS?

So, if you need to detect and possibly prevent, how would differentiate between legitimate behavior? For example: We have DevOps that create modifications to databases on the fly when building instances in AWS and use scripts to auto login and make modifications.

How would we differentiate the difference between this activity? Session_Id with Src_IP with a whitelist?:

Remedymp

TacoRocket wrote: »

What HIDS are you using? It would depend on the activity and the engine being used.

Right now it's OSSEC.

UnixGuy

yes I would whitelist the developers IPs.

I don't use HIDS or DB firewalls, but the IPS and WAF detects SQL Injections and drops the packets