# mssqlreflection

**Explanation**

This event is triggered when the Netography Fusion Portal detects an MSSQL reflection attack. MSSQL reflection attacks are SQL injection attacks that target Microsoft SQL servers running on Windows operating systems.

**What to Look For**

To examine the results of the mssqlreflection event, look for any suspicious activity on the MSSQL server, such as unusual logins or attempts to execute unauthorized queries. It is also recommended to review the server's logs for any SQL injection attempts.

On the network, look for any suspicious traffic to or from the MSSQL server, especially if it is originating from an untrusted source. This traffic could indicate an ongoing attack.

**Related MITRE ATT\&CK Categories**

[Impact: Network Denial of Service, Technique T1498 - Enterprise](https://attack.mitre.org/techniques/T1498)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fusion.vectra.ai/detection-models/library/denial-of-service/mssqlreflection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.