The Snare Agent for Microsoft SQL Server can now be configured to collect Extended Events, enabling security teams to capture more events compared to SQL Trace.
The new View Extended Events page allows security teams to explore a tree of categories and events available on the current server, paired with a Filter to find events of interest by name. This makes threat detection and response faster and more comprehensive so security teams and IT stakeholders can confidently answer questions related to cyber incidents and breaches (who got in, how they got in, and what they stole).
Enhancements to the Snare Agent for SQL will enable security teams to:
- Access a more granular audit of database content and enhanced database performance metrics and statistics
- Collect as much or as little data required to identify anomalous actives in SQL Server
- Dramatically decreasing time spent on finding bad actors
- Use new event auditing options with extended coverage and very specific audit settings
- Collect enhanced audit events with additional detail and control