Skip to content

SankethSubhas/sql-user-access-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
GRC_Executive_Summary.txt
GRC_Executive_Summary.txt
 
 
README.md
README.md
 
 
access_audit.py
access_audit.py
 
 
screenshot1.png
screenshot1.png
 
 
screenshot2.png
screenshot2.png
 
 

Repository files navigation

SQL User Access Review & Compliance Audit

A GRC-focused tool that audits user accounts in a database against access control policies. Detects zombie accounts, unauthorized privilege escalation, and stale accounts. Maps findings to MITRE ATT&CK and generates a GRC Executive Summary report.

What It Does

Runs three automated SQL audit queries against a user account database and produces a structured compliance report:

Audit What It Finds Severity
Zombie Accounts Terminated employees with active accounts CRITICAL
Privilege Escalation Users with admin rights beyond their role level HIGH
Stale Accounts Active accounts with no login in 90+ days MEDIUM

Demo Output

Audit Output

GRC Executive Summary

GRC Executive Summary

The tool auto-generates a GRC_Executive_Summary.txt report including:

  • Finding details with severity ratings (CRITICAL / HIGH / MEDIUM)
  • Risk assessment narrative
  • Remediation recommendations
  • Compliance mapping to ISO 27001, NIST 800-53, and MITRE ATT&CK

Mock Database

The included database contains 6 users with 3 intentional policy violations:

User Violation
bwilliams Zombie account — active 90 days after termination
atran Jr. analyst with unauthorized admin rights
dchen No login in 95 days — stale account
jsmith, mrodriguez, lkumar Clean accounts — no violations

MITRE ATT&CK Mapping

Finding Technique
Zombie Account T1078 — Valid Accounts
Privilege Escalation T1078.003 — Valid Accounts: Local Accounts
Stale Account T1078 — Valid Accounts

Compliance Frameworks

  • ISO 27001 — A.9.2.1 (User Registration), A.9.2.5 (Access Rights Review)
  • NIST 800-53 — AC-2 (Account Management), AC-6 (Least Privilege)

How to Run

git clone https://github.com/SankethSubhas/sql-user-access-audit
cd sql-user-access-audit
python3 access_audit.py

No dependencies. Uses Python's built-in sqlite3 module.

Files

access_audit.py           # Main audit script
access_review.db          # Auto-generated mock database
GRC_Executive_Summary.txt # Auto-generated compliance report

Author

Sanketh Subhas — Cybersecurity Analyst | GRC | SOC
Portfolio: sankethsubhas.pages.dev
GitHub: github.com/SankethSubhas
LinkedIn: linkedin.com/in/sankethsubhas

About

Audits user accounts against access control policies. Detects zombie accounts, privilege escalation, and stale accounts. Maps to MITRE ATT&CK. Generates GRC Executive Summary.

sankethsubhas.pages.dev

Topics

sql sqlite iam python3 cybersecurity compliance grc access-control mitre-attack

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages