Imperva Cyber Community

Expand all | Collapse all

Vuln assessment without OS access?

  • 1.  Vuln assessment without OS access?

    Posted 05-07-2020 14:02
    Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
    #DatabaseActivityMonitoring

    ------------------------------
    Brandon Zeitlin
    HCA Healthcare
    TN
    ------------------------------


  • 2.  RE: Vuln assessment without OS access?

    Community Manager
    Posted 05-07-2020 14:31
    @Brandon Zeitlin, one of our experts says that "Yes, if only db connection is available then only db tests will run". Also, The other way around by the way won't work, one cannot run assessments with only an os connection. db connection is a must, os connection is optional. Does this help?


    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Vuln assessment without OS access?

    Imperva Employee
    Posted 05-07-2020 14:45
    Hi Brandon,
    The direct answer is OS credentials are only necessary to test assessments with respect to the OS. If there are no tests against the OS, there is no need to have the credentials. A DAS scan that only scans the DB only requires DB credentials.

    Knowledge articles:
    DAS: https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/3817.htm
    DAS OS assessment: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1081.htm
    DAS scans: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1082.htm

    Thank you.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 4.  RE: Vuln assessment without OS access?

    Posted 05-12-2020 11:30
    Is this the same for MSSQL devices, do you need domain access for DB assessment?

    ------------------------------
    Brandon Zeitlin
    HCA Healthcare
    TN
    ------------------------------



  • 5.  RE: Vuln assessment without OS access?

    Imperva Employee
    Posted 05-12-2020 11:55
    Same for MS SQL and other supported DBs.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------