Imperva Cyber Community

Expand all | Collapse all

DAM Violation-Extremely Long SQL Request

  • 1.  DAM Violation-Extremely Long SQL Request

    Posted 19 days ago
    ​​Dear Team,

    I am receiving daily "extremely long SQL request " alert in DAM console. I have confirmed  source and destination, user are legitimate for the event with the help of application owner. And after that I have whitelisted the source IP and user name in policy.

    But still I am getting the same violations on console, from same source and user. Is there any alternate way to whitelisting this query or alert.

    Thanks & Regards,
    Bachchulal Varma
    #DatabaseActivityMonitoring

    ------------------------------
    Bachchulal varma
    Inspira enterprise pvt ltd
    ------------------------------


  • 2.  RE: DAM Violation-Extremely Long SQL Request

    Posted 18 days ago
    Hi,

    you have three options:
    1. tune the policy - add an exception
    2. on a server group level - add restricsion  in Ignore IP
    3. turn off this policy for all DB services.

    In my opinion - 3th is the best.


    ------------------------------
    Karol Gruszczynski
    IT SECURITY EXPERT
    Warsaw
    ------------------------------