Rule Info
Name
SQL Server Query Output to File via OSQL.EXE
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects SQL Server queries that output results to a file using the OSQL utility.
This might indicate potential attempts to save sensitive data for exfiltration or for later analysis during post-exploitation activities.
Even though this could be executed in legitimate contexts, this warrants immediate investigation.
Date
2026-07-05 00:00:00
Modified
None
Id
181c8a16-4b55-43d5-99be-a1c48a5e9cb7
Tags
attack.collection attack.t1213.006 attack.t1005
Type
Nextron Sigma feed only (private)
