Azure API calls indicating MySQL database modification
Description
AlphaSOC detected modifications to an Azure MySQL Flexible Server configuration. Changes to database settings may impact security posture or performance. Adversaries may alter configurations to weaken security controls, enable unauthorized access, or prepare for data exfiltration.
Impact
Unauthorized database modifications can disable security features like SSL enforcement, enable public network access, or weaken authentication requirements. These changes may expose sensitive data to unauthorized access or create pathways for data exfiltration. Configuration changes can also disrupt database availability.
Severity
| Severity | Condition |
|---|---|
| Low | MySQL database modification by the user for the first time |
Investigation and Remediation
Review the specific configuration changes made to the MySQL server. Verify the identity of the user who made the modifications and confirm the action was authorized. Check for changes to network access rules, SSL requirements, or authentication settings. If unauthorized changes are detected, restore the original configuration and investigate the user's account for compromise.
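The review steps above can be scripted over exported activity events. The following is an added example, not AlphaSOC's detection logic: the event records are constructed and simplified from the Azure Activity Log shape, and `known_callers` is an assumed baseline of identities that have modified MySQL servers before.

```python
# Constructed sample events, simplified from Azure Activity Log records.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "caller": "dba@example.com", "status": "Succeeded",
     "operation": "Microsoft.DBforMySQL/flexibleServers/configurations/write",
     "resource": "mysql-prod/configurations/slow_query_log"},
    {"time": "2024-05-01T09:05:00Z", "caller": "dba@example.com", "status": "Succeeded",
     "operation": "Microsoft.DBforMySQL/flexibleServers/read", "resource": "mysql-prod"},
    {"time": "2024-05-01T10:12:00Z", "caller": "intern@example.com", "status": "Succeeded",
     "operation": "Microsoft.DBforMySQL/flexibleServers/firewallRules/write",
     "resource": "mysql-prod/firewallRules/allow-all"},
    {"time": "2024-05-01T10:14:00Z", "caller": "intern@example.com", "status": "Succeeded",
     "operation": "Microsoft.DBforMySQL/flexibleServers/configurations/write",
     "resource": "mysql-prod/configurations/require_secure_transport"},
    {"time": "2024-05-01T10:20:00Z", "caller": "svc@example.com", "status": "Succeeded",
     "operation": "Microsoft.Storage/storageAccounts/write", "resource": "logsarchive"},
    {"time": "2024-05-01T10:30:00Z", "caller": "ops@example.com", "status": "Failed",
     "operation": "Microsoft.DBforMySQL/flexibleServers/write", "resource": "mysql-prod"},
]

PREFIX = "microsoft.dbformysql/flexibleservers/"
# Sub-resources mapped to the areas the investigation steps call out.
AREAS = {"firewallrules": "network access rule", "configurations": "server parameter"}

def triage(events, known_callers=()):
    """Return successful MySQL Flexible Server modifications, oldest first.
    first_time is True when the caller is neither in known_callers nor
    seen earlier in this batch (the page's Low-severity condition)."""
    seen = {c.lower() for c in known_callers}
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        op = ev["operation"].lower()
        if not op.startswith(PREFIX) or not op.endswith(("/write", "/delete")):
            continue  # other resource providers and read-only calls
        if ev["status"] != "Succeeded":
            continue  # nothing changed, so the caller stays unseen
        parts = op[len(PREFIX):].split("/")
        caller = ev["caller"].lower()
        findings.append({
            "time": ev["time"], "caller": caller, "resource": ev["resource"],
            "area": AREAS.get(parts[0], "server-level setting"),
            "first_time": caller not in seen,
        })
        seen.add(caller)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, known_callers=["dba@example.com"]):
        print(finding)
```

Findings with `first_time` set, and any that touch a network access rule or the `require_secure_transport` parameter, are the ones to confirm with the caller first.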