You applied the policy in a database service. So under "Policy Name" -> "Apply To" you have applied the policy, and the policy is active and collecting audit data. That's what triggers the alarm.
In Archive Settings you should schedule the archive, so check Recurring and set the Date & Time.
The alert is to help you not lose audit data, by archiving it.
------------------------------
Sabajete Elezaj
Security Engineer
Snt Albania
Tirana
------------------------------
Original Message:
Sent: 08-31-2021 09:14
From: Chintan Myakal
Subject: Audit policies general misconfiguration
The configuration under Archive settings is - Default Archiving Settings. As I mentioned, I did not make any changes in Archive settings (apply, remove or change).
I want to know, what could have caused this alarm to trigger?
------------------------------
Chintan Myakal
Sr.Cybersecurity Analyst
Mumbai
Original Message:
Sent: 08-31-2021 08:54
From: Sabajete Elezaj
Subject: Audit policies general misconfiguration
Hello,
The change you must have done is applying the policies mentioned to any database service, so the audit policies are now active and collecting audit data. You should configure an archiving action set under "Policy Name" - Archiving, for all the policies mentioned in the error, so the error will be resolved.
Hope it helps,
------------------------------
Sabajete Elezaj
Security Engineer
Snt Albania
Tirana
Original Message:
Sent: 08-31-2021 07:50
From: Chintan Myakal
Subject: Audit policies general misconfiguration
Hello,
In DAM, an alarm was received as below -
===========================================================================================================
Audit policies general misconfiguration
Description
There are audit policies at risk of losing audit
The following audit policies: [ DDL commands, Database configuration changes, Database connections, New Databases, New Users Account, PCI - Audit of newly created objects under system schema, PCI - Modification audit of system-level objects, PCI - Privileged operations on users and privileges management, Privilege manipulation, Table related commands, Users and Privileges Management Commands ] are not properly configured and are at risk of losing audit. The reason is no archiving is configured and no external logger is configured on these policies.
=====================================================================================================================
I am not able to understand why this alert triggered suddenly, as we did not make any changes to the Audit policies. What could be the reason for it?
Also, in the alarm I could see the start time and end time. Does it mean the alarm was automatically acknowledged?
#DatabaseActivityMonitoring
------------------------------
Chintan Myakal
Sr.Cybersecurity Analyst
Mumbai
------------------------------