INCIDENT DETAILS: Suspicious Database Access / Data Exfiltration Risk.
Risk Score: 91 (CRITICAL)
FORENSIC ANALYSIS & EVIDENCE
TYPE
Database Access Anomaly (Oracle TNS)
SOURCE
Internal Dev Host 10.5.23.17
(Zone: DevNet)
ACCOUNT
dev_admin (Privileged)
DESTINATION
VIP Core DB
172.16.10.20 (Tier-0)
QUERY SEMANTICS
[Chart: DB Sessions & Data Egress Trend (Last 30 Min); y-axis 0 to 120 MB; series: Sessions (count), Data egress (MB)]
TOP CLIENTS: 10.5.23.17 (DevNet)
QUERY STRUCTURE & SENSITIVITY
OPERATION TYPE: SELECT (Read)
TARGET OBJECT: VIP_CUSTOMER_TABLE (PII / High Sensitivity)
SQL_STATEMENT:
SELECT /* Business=VIP Banking */ cust_id, phone_name, user_name, Credit Limit
FROM VIP_CUSTOMER_TABLE
WHERE region = 'SG';
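The check behind this finding, written out as an added example (illustrative code, not the dashboard's own detection engine): each audit record is parsed, the hint comment is stripped from the SQL so the target object can be read, and the session is scored on four signals visible in the evidence above: privileged account, source not a jump host, target object classified as PII, and egress over a threshold. The jump-host address (10.5.23.254), the score weights, the 100 MB egress line and the sample records are all assumptions made for the example; the records are constructed, not real audit data.

```python
"""Added example: detection logic for the pattern in this incident.
Illustrative code, not the dashboard's own engine. The audit records,
the jump-host address and the score weights are all assumed."""
import re
from dataclasses import dataclass, field

# --- Assumed inventory (names follow the page's labels; values are assumptions) ---
JUMP_HOSTS = {"10.5.23.254"}              # assumed address of DB_JUMP_HOST
TIER0_DBS = {"172.16.10.20": "VIP Core DB"}
PRIVILEGED_ACCOUNTS = {"dev_admin", "sys", "system"}
PII_OBJECTS = {"VIP_CUSTOMER_TABLE": "PII / High Sensitivity"}
ZONES = {"10.5.23.": "DevNet", "172.16.10.": "CoreNet"}
EGRESS_MB_THRESHOLD = 100                 # assumed per-session egress alert line

# Constructed sample audit records (key=value, Oracle-audit-like; not real data).
SAMPLE_LOG = """\
ts=2024-05-01T10:02:11Z src=10.5.23.17 dst=172.16.10.20 port=1521 user=dev_admin egress_mb=118 sql="SELECT /* Business=VIP Banking */ cust_id, phone_name, user_name, credit_limit FROM VIP_CUSTOMER_TABLE WHERE region = 'SG'"
ts=2024-05-01T10:03:45Z src=10.5.23.254 dst=172.16.10.20 port=1521 user=dev_admin egress_mb=2 sql="SELECT count(*) FROM VIP_CUSTOMER_TABLE WHERE region = 'SG'"
ts=2024-05-01T10:04:09Z src=10.5.23.40 dst=172.16.10.20 port=1521 user=report_ro egress_mb=5 sql="SELECT branch_id FROM BRANCH_LIST"
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
TARGET_RE = re.compile(r"\b(?:FROM|INTO|UPDATE)\s+([A-Za-z_][\w.$]*)", re.I)


@dataclass
class Finding:
    src: str
    zone: str
    user: str
    operation: str
    target: str
    egress_mb: float
    score: int
    severity: str
    reasons: list = field(default_factory=list)


def parse_record(line: str) -> dict:
    """Parse one key=value audit line; quoted values may contain spaces and '='."""
    return {k: q if q else u for k, q, u in KV_RE.findall(line)}


def parse_sql(sql: str) -> tuple:
    """Return (operation, first target object) after stripping /* hint */ comments."""
    clean = COMMENT_RE.sub(" ", sql).strip()
    op = clean.split()[0].upper() if clean else ""
    m = TARGET_RE.search(clean)
    return op, (m.group(1).upper() if m else "")


def zone_of(ip: str) -> str:
    """Map a client address to its network zone via the assumed prefix table."""
    for prefix, zone in ZONES.items():
        if ip.startswith(prefix):
            return zone
    return "unknown"


def severity_for(score: int) -> str:
    if score >= 90:
        return "CRITICAL"
    if score >= 70:
        return "HIGH"
    if score >= 40:
        return "MEDIUM"
    return "LOW"


def evaluate(rec: dict):
    """Score one session against the Tier-0 access policy; None if out of scope."""
    if rec.get("dst") not in TIER0_DBS:
        return None
    score, reasons = 0, []
    if rec.get("user") in PRIVILEGED_ACCOUNTS:
        score += 25
        reasons.append("privileged account")
    if rec.get("src") not in JUMP_HOSTS:
        score += 30
        reasons.append("not via jump host")
    op, target = parse_sql(rec.get("sql", ""))
    if target in PII_OBJECTS:
        score += 25
        reasons.append(f"{op} on {target} ({PII_OBJECTS[target]})")
    egress = float(rec.get("egress_mb", 0))
    if egress >= EGRESS_MB_THRESHOLD:
        score += 15
        reasons.append(f"egress {egress:g} MB >= {EGRESS_MB_THRESHOLD} MB")
    return Finding(rec["src"], zone_of(rec["src"]), rec.get("user", ""), op, target,
                   egress, score, severity_for(score), reasons)


def detect(log_text: str) -> list:
    """Run every record through evaluate() and return findings, highest score first."""
    findings = [evaluate(parse_record(l)) for l in log_text.splitlines() if l.strip()]
    return sorted((f for f in findings if f), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f.severity:8} {f.score:3} {f.src} ({f.zone}) {f.user} "
              f"{f.operation} {f.target}: {'; '.join(f.reasons) or 'no findings'}")
```

The same privileged account reading the same PII table scores MEDIUM rather than CRITICAL when the session originates from the jump host and moves little data; that is the point of scoring on source and egress together rather than on the query text alone, since the statement itself is an ordinary read.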
AI REMEDIATION RECOMMENDATION
Summary:
Restrict privileged dev-account access to the VIP Core DB and enforce the jump-host policy: permit Oracle TNS (1521) to VIP_CORE_DB only from DB_JUMP_HOST during the change window, and deny it from 10.5.23.17. Two caveats on the draft below: FortiGate matches policies top-down in sequence order, so the deny must be positioned above any existing broader DevNet-to-CoreNet allow or it never fires; and rule 201 covers the single dev host only, so other DevNet hosts stay subject to whatever policies already exist. The firewall change also does not limit what dev_admin can read once connected, so its grants on VIP_CUSTOMER_TABLE should be reviewed on the DB side as well.
# FortiGate Firewall Policy (Draft)
# Assumes address objects DB_JUMP_HOST, VIP_CORE_DB and DEV_HOST_10.5.23.17,
# service ORACLE_TNS_1521 and schedule DB_CHANGE_WINDOW already exist.
config firewall policy
    edit 200
        set name "ALLOW_DB_MAINT_FROM_JUMP"
        set srcintf "DevNet"
        set dstintf "CoreNet"
        set srcaddr "DB_JUMP_HOST"
        set dstaddr "VIP_CORE_DB"
        set service "ORACLE_TNS_1521"
        set schedule "DB_CHANGE_WINDOW"
        set action accept
        set logtraffic all
    next
    edit 201
        set name "DENY_DEVNET_TO_VIP_CORE_DB"
        set srcintf "DevNet"
        set dstintf "CoreNet"
        set srcaddr "DEV_HOST_10.5.23.17"
        set dstaddr "VIP_CORE_DB"
        set service "ORACLE_TNS_1521"
        set schedule "always"
        set action deny
        set logtraffic all
    next
end