Splunk

MCP Postgres Suspicious Query

Last updated 2 days ago on 2026-07-17

About

This detection identifies potentially malicious SQL queries executed through MCP PostgreSQL server connections, monitoring for privilege escalation attempts, credential theft, and schema reconnaissance. These patterns are commonly observed in SQL injection attacks, compromised application credentials, and insider threat scenarios targeting database assets.
Platform
Splunk
Tags
Data Source: SplunkDomain: ApplicationRule Type: QueryOS: Any
Severity
medium
Risk Score
47
References
https://splunkbase.splunk.com/app/8377(external, opens in a new tab or window)https://www.nodejs-security.com/blog/the-tale-of-the-vulnerable-mcp-database-server(external, opens in a new tab or window)https://www.splunk.com/en_us/blog/security/securing-ai-agents-model-context-protocol.html(external, opens in a new tab or window)
False Positives
Legitimate database administrators performing user management tasks, ORM frameworks querying information_schema for schema validation, password reset functionality, and CI/CD pipelines running database migrations.
Source
View on GitHub(external, opens in a new tab or window)

Definition

Rule Language
SPL
Rule Type
query
text code block:
`mcp_server` method=query direction=inbound | eval dest=host | eval query_lower=lower('params.query') | eval suspicious_query='params.query' | eval is_priv_escalation=if(like(query_lower, "%update%users%role%admin%") OR like(query_lower, "%grant%admin%") OR like(query_lower, "%grant%superuser%"), 1, 0) | eval is_credential_theft=if(like(query_lower, "%password%") OR like(query_lower, "%credential%") OR like(query_lower, "%api_key%") OR like(query_lower, "%secret%"), 1, 0) | eval is_recon=if(like(query_lower, "%information_schema%") OR like(query_lower, "%pg_catalog%") OR like(query_lower, "%pg_tables%") OR like(query_lower, "%pg_user%"), 1, 0) | where is_priv_escalation=1 OR is_credential_theft=1 OR is_recon=1 | eval attack_type=case( is_priv_escalation=1, "Privilege Escalation", is_credential_theft=1, "Credential Theft", is_recon=1, "Schema Reconnaissance", 1=1, "Unknown") | stats count min(_time) as firstTime max(_time) as lastTime values(suspicious_query) as suspicious_queries values(attack_type) as attack_types dc(attack_type) as attack_diversity by dest | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | table dest firstTime lastTime count suspicious_queries attack_types attack_diversity | `mcp_postgres_suspicious_query_filter`

View this rule on Splunk

This rule was sourced from the official Splunk public repository. View the original rule on GitHub(external, opens in a new tab or window).