Imperva Cyber Community

Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
#DatabaseActivityMonitoring

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------

@Brandon Zeitlin, one of our experts says that "Yes, if only db connection is available then only db tests will run". Also, The other way around by the way won't work, one cannot run assessments with only an os connection. db connection is a must, os connection is optional. Does this help?

------------------------------
Christopher Detzel
Community Manager
Imperva
------------------------------

Original Message:
Sent: 05-07-2020 14:01
From: Brandon Zeitlin
Subject: Vuln assessment without OS access?

Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
#DatabaseActivityMonitoring

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------

Hi Brandon,
The direct answer is OS credentials are only necessary to test assessments with respect to the OS. If there are no tests against the OS, there is no need to have the credentials. A DAS scan that only scans the DB only requires DB credentials.

Knowledge articles:
DAS: https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/3817.htm
DAS OS assessment: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1081.htm
DAS scans: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1082.htm

Thank you.

------------------------------
Scott Morgan
Impreva
------------------------------

Original Message:
Sent: 05-07-2020 14:01
From: Brandon Zeitlin
Subject: Vuln assessment without OS access?

Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
#DatabaseActivityMonitoring

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------

Is this the same for MSSQL devices, do you need domain access for DB assessment?

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------

Original Message:
Sent: 05-07-2020 14:45
From: Scott Morgan
Subject: Vuln assessment without OS access?

Hi Brandon,
The direct answer is OS credentials are only necessary to test assessments with respect to the OS. If there are no tests against the OS, there is no need to have the credentials. A DAS scan that only scans the DB only requires DB credentials.

Knowledge articles:
DAS: https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/3817.htm
DAS OS assessment: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1081.htm
DAS scans: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1082.htm

Thank you.

------------------------------
Scott Morgan
Impreva

Original Message:
Sent: 05-07-2020 14:01
From: Brandon Zeitlin
Subject: Vuln assessment without OS access?

Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
#DatabaseActivityMonitoring

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------

Same for MS SQL and other supported DBs.

------------------------------
Scott Morgan
Impreva
------------------------------

Original Message:
Sent: 05-12-2020 11:30
From: Brandon Zeitlin
Subject: Vuln assessment without OS access?

Is this the same for MSSQL devices, do you need domain access for DB assessment?

------------------------------
Brandon Zeitlin
HCA Healthcare
TN

Original Message:
Sent: 05-07-2020 14:45
From: Scott Morgan
Subject: Vuln assessment without OS access?

Hi Brandon,
The direct answer is OS credentials are only necessary to test assessments with respect to the OS. If there are no tests against the OS, there is no need to have the credentials. A DAS scan that only scans the DB only requires DB credentials.

Knowledge articles:
DAS: https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/3817.htm
DAS OS assessment: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1081.htm
DAS scans: https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/1082.htm

Thank you.

------------------------------
Scott Morgan
Impreva

Original Message:
Sent: 05-07-2020 14:01
From: Brandon Zeitlin
Subject: Vuln assessment without OS access?

Can DAS assess database vulnerabilities on DB2 without an OS connection? We would still be able to get DB "Sphere" vulnerabilities?
#DatabaseActivityMonitoring

------------------------------
Brandon Zeitlin
HCA Healthcare
TN
------------------------------