This section provides information on deployable Low-Interactive-Active-Defense-Services (LIADS) Database Services with configurable options and logging:

MYSQL

Emulates a running MYSQL service on the server. By default, the service is configured to run on 'TCP/3306', any connection attempts made with the service are logged and alerted.

• Log data captured include "Source-IP, Destination-IP, Username/Password used during login attempt", which can be used during analysis by the analyst.

• MYSQL service options "Port, Display Banner" can be configured and adjusted as per the deployed environment.

MSSQL

Emulates a running MSSQL service on the server. By default, the service is configured to run on 'TCP/1433', any connection attempts made with the service are logged and alerted.

• Log data captured include "Source-IP, Destination-IP, Database (attempted to connect), Username (used), Server, Remote-Host, Remote-Client", which can be used during analysis by the analyst.

• MSSQL service options "Port, Version" can be configured and adjusted as per the deployed environment.

REDIS

Emulates a running REDIS Database service on the server. Service is configured to run on 'TCP/6379' with default configuration, any interactions made with the service are logged and alerted.

• Captured log data includes "Source-IP, Destination-IP, Redis Command Executed". Though the service does not require additional configuration, the service port can be reconfigured as needed.