Imperva Cyber Community

 View Only
  • 1.  DAM Violation-Extremely Long SQL Request

    Posted 08-30-2021 08:20
    ​​Dear Team,

    I am receiving daily "extremely long SQL request " alert in DAM console. I have confirmed  source and destination, user are legitimate for the event with the help of application owner. And after that I have whitelisted the source IP and user name in policy.

    But still I am getting the same violations on console, from same source and user. Is there any alternate way to whitelisting this query or alert.

    Thanks & Regards,
    Bachchulal Varma
    #DatabaseActivityMonitoring

    ------------------------------
    Bachchulal varma
    Inspira enterprise pvt ltd
    ------------------------------


  • 2.  RE: DAM Violation-Extremely Long SQL Request

    Posted 08-31-2021 10:28
    Hi,

    you have three options:
    1. tune the policy - add an exception
    2. on a server group level - add restricsion  in Ignore IP
    3. turn off this policy for all DB services.

    In my opinion - 3th is the best.


    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Warsaw
    ------------------------------