Well, the issue is that we have Exadatas which hold many, many databases, most of which are out of scope for our database monitoring efforts. We simply want DRA to receive only audit data for the databases that are in scope and profile those activities.
All of the Exadata nodes in the cluster are set up in the server group, and the in-scope applications are set up under 1 database service to allow for accurate application profiling.
We are not trying to filter out useful elements from our Exadatas; we just want to have control over the database traffic that we monitor with the DRA. At this time, we are receiving too much data for databases that we do not care to monitor at this time.
Is this possible?
------------------------------
samson adewale
GA
------------------------------
Original Message:
Sent: 07-02-2020 04:10
From: Stefan Pynappels
Subject: Filter Events that are forwarded to Data Risk Analytics
Hi Samson,
Is there a specific reason you are trying to filter out DBs?
Are you trying to filter out audit for only specific DBs within a Server Group/Service, or entire blocks of DBs making up an entire Server Group Service?
In general terms, DRA expects to get all audit data so that it can build up a very accurate picture of a normal traffic profile. If elements of the DB traffic/audit are filtered out at source, this affects the accuracy of the learning algorithms, and this is undesirable as it could create false positives, which are bad as they can dilute effort, or false negatives, which are bad as they can miss bad activity.
------------------------------
Stefan Pynappels
Escalation Engineer
Imperva
Original Message:
Sent: 06-30-2020 17:14
From: samson adewale
Subject: Filter Events that are forwarded to Data Risk Analytics
Hello,
I have been trying to apply an advanced filter criteria to the CounterBreach DAM AA1 audit policy so that only audit data that matches events for a specific database is sent to Data Risk Analytics. So far the filtering has failed.
Is there a reason why this filtering does not work when matching on queries?
#DatabaseActivityMonitoring
------------------------------
samson adewale
GA
------------------------------