Looking for some tips and tricks with tuning DAM security policies within my environment. At the moment I have default security policies enabled and would like to start tuning out any major noise that is setting off CRITICAL/HIGH level alerts. It seems as though the default policies do not allow a lot of adjustment.
What are some best practices with tuning the policies? Wondering how others have had success?
One example: I have a SQL monitoring application causing a ton of noise and generating 'SQL Injection' alerts. All traffic is coming from the same source, hitting all servers.
Policy enabled: Recommended Signature Policy for Database Applications
Focusing on the example in my original post. Our DBAs are using a tool called 'Redgate SQL monitor' within our MSSQL environment.
This tool is causing a lot of SQL injection alerts which are false positives. What would be the best way to modify this alert to remove any noise from this application?
I know I could click on each 'Violation' and click 'Add as exception', however when there are 5000 violations... haha. Added a screenshot of one of the alerts.
Thanks for this information! I see now where I can expand the criteria for the exception.
Is there a way to add further exception criteria to that area, such as a lookup data set? Appreciate the help!
One last question...
I am trying to use this full query field to add an exception to this monitoring software. All of the queries have similar object naming showing up throughout all of the operations: "##redgate_sqlmonitor_querywaitstats"
Example query selection:
--RedGateIgnore RedGateNoLog..SET NOCOUNT ON;....IF OBJECT_ID(N'tempdb..[##redgate_sqlmonitor_querywaitstats_SERVER1_SERVER2.(local)]').....
Are wildcards an option in the 'Full Query' exception area, or can you think of any other way I could match this?
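One way to check offline how far a source-plus-object-name exception would reach before creating it, as an added example that is not part of the original thread or Imperva's own tooling. The record layout, the `10.0.0.50` monitor address and the sample alerts are constructed assumptions; the regular expression runs in Python and says nothing about what the 'Full Query' field accepts.

```python
import re
from collections import Counter

# Assumption: address of the Redgate SQL Monitor host (placeholder value).
MONITOR_SOURCES = {"10.0.0.50"}

# Object-name prefix quoted in the post; the server-specific suffix varies.
REDGATE_OBJECT = re.compile(
    r"\[##redgate_sqlmonitor_querywaitstats_[^\]]*\]", re.IGNORECASE
)


def classify(alert):
    """Say whether an alert falls under the candidate exception, and if not, why."""
    from_monitor = alert["source_ip"] in MONITOR_SOURCES
    has_object = bool(REDGATE_OBJECT.search(alert["query"]))
    if from_monitor and has_object:
        return "suppress"
    if has_object:
        # Same query text from an unexpected host: do not hide it.
        return "review: pattern from unexpected source"
    if from_monitor:
        # Monitor host running something else: a text match alone would miss it.
        return "review: monitor source, other query"
    return "keep"


def summarize(alerts):
    """Count alerts per outcome so the exception's reach is visible up front."""
    return Counter(classify(a) for a in alerts)


# Constructed sample records (hypothetical export layout: source_ip, query).
REDGATE_QUERY = (
    "--RedGateIgnore RedGateNoLog..SET NOCOUNT ON;....IF OBJECT_ID(N'tempdb.."
    "[##redgate_sqlmonitor_querywaitstats_SERVER1_SERVER2.(local)]')"
)
SAMPLE_ALERTS = [
    {"source_ip": "10.0.0.50", "query": REDGATE_QUERY},
    {"source_ip": "10.0.0.77", "query": REDGATE_QUERY},
    {"source_ip": "10.0.0.50", "query": "SELECT name FROM sys.databases"},
    {"source_ip": "10.0.0.91", "query": "SELECT id FROM orders WHERE id = 7"},
]

if __name__ == "__main__":
    for outcome, count in summarize(SAMPLE_ALERTS).items():
        print(f"{count:5d}  {outcome}")
```

Only the "suppress" bucket is what the exception should cover; anything in a "review" bucket is a reason to keep the source address in the exception criteria rather than matching on query text alone.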
Copyright @ 2019 Imperva. All rights reserved