Imperva Cyber Community

  • 1.  Use Cases for Counter Breach Machine Learning

    Posted 08-29-2021 03:53
    Hi Guys,

    Can someone please help me by sharing the use cases for Counter Breach Machine Learning? Thanks in advance.
    #DataRiskAnalytics(formerlyCounterBreach)

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------


  • 2.  RE: Use Cases for Counter Breach Machine Learning

    Posted 08-30-2021 08:13
    Hi,
    It is not a simple job.
    You have to know that CB is a machine learning system that analyzes the DB audit logs.
    It's impossible to write your own policies as in DAM.
    CB has around 11 scenarios implemented, and these scenarios you can use as use cases.
    Every scenario is explained in CB help. You can read and use it as yours.

    So, please send all DB audit logs to the CB, and wait for the results.


    Incidents Summary
    CounterBreach has 11 built-in unique database use cases that it discovers. Below are the definitions as
    well as a chart to illustrate the threats that are associated with them.

    - Suspicious Application Data Access - An interactive (human) user is directly accessing
    business data that should normally only be accessed via an application.
    - Database Service Account Abuse - An interactive (human) user is using a service account to
    access the database.
    - Excessive Database Record Access - An individual has queried records in excess of what this
    individual, their peer group, and the organization normally query.
    - Database Access at Non-Standard Time - used to access the database at a time that is
    atypical for this user and their peer group.
    - Excessive Failed Logins (Human) - A user has failed to log in more times than typical for this
    particular account owner.
    - Excessive Failed Logins From Application Server - A user failed to log in to the database
    from an application server.
    - Machine Takeover - A machine typically used by a specific individual was used by a different
    individual to access the database.
    - Excessive Multiple Database Access – A user has attempted to access an abnormally high
    number of different databases over a short period of time.
    - Suspicious Database Command Execution – A user performed a command that is highly
    suspicious in nature in an abnormal way.
    - Suspicious Sensitive System Tables Scan – An interactive (human) user has scanned
    sensitive system tables on several databases over a relatively short period of time in an
    abnormal way.
    - Suspicious Dynamic SQL Activity – An interactive (human) user has queried a database
    using dynamic SQL queries in an abnormal way.
    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Warsaw
    ------------------------------



  • 3.  RE: Use Cases for Counter Breach Machine Learning

    Posted 08-31-2021 01:21
    Thanks Karol for sharing your input. It's very informative.

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------



  • 4.  RE: Use Cases for Counter Breach Machine Learning

    Posted 08-31-2021 13:40
    As new incident types are added, you can see them in the Imperva online documentation.  See:
    https://docs.imperva.com/bundle/v4.1-data-risk-analytics-user-guide/page/63485.htm
    for the 4.1 version.

    Jim

    ------------------------------
    Jim Burtoft (Prm)
    SE
    Imperva
    State College PA
    ------------------------------



  • 5.  RE: Use Cases for Counter Breach Machine Learning

    Posted 09-01-2021 02:35
    Thanks Jim

    ------------------------------
    Aleemuddin Mohammed
    Oracle Database Administrator
    ------------------------------