Imperva Cyber Community

Expand all | Collapse all

Vuln assessment without OS access?

  • 1.  Vuln assessment without OS access?

    Posted 25 days ago
    Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
    #DatabaseActivityMonitoring

    ------------------------------
    Brandon Zeitlin
    HCA Healthcare
    TN
    ------------------------------


  • 2.  RE: Vuln assessment without OS access?

    Community Manager
    Posted 25 days ago
    @Brandon Zeitlin, one of our experts says that "Yes, if only db connection is available then only db tests will run". Also, The other way around by the way won't work, one cannot run assessments with only an os connection. db connection is a must, os connection is optional. Does this help?


    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Vuln assessment without OS access?

    Imperva Employee
    Posted 25 days ago
    Hi Brandon,
    The direct answer is OS credentials are only necessary to test assessments with respect to the OS. If there are no tests against the OS, there is no need to have the credentials. A DAS scan that only scans the DB only requires DB credentials.

    Knowledge articles:
    DAS: https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/3817.htm
    DAS OS assessment: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1081.htm
    DAS scans: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1082.htm

    Thank you.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 4.  RE: Vuln assessment without OS access?

    Posted 20 days ago
    Is this the same for MSSQL devices, do you need domain access for DB assessment?

    ------------------------------
    Brandon Zeitlin
    HCA Healthcare
    TN
    ------------------------------



  • 5.  RE: Vuln assessment without OS access?

    Imperva Employee
    Posted 20 days ago
    Same for MS SQL and other supported DBs.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------