Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Audit for data extraction from data warehouse

    Posted 01-13-2020 09:10
    Edited by Vincent Voo 01-13-2020 11:36
    Hi Team,

    Does Imperva DAM able to monitor which db user that performs data extraction on specific DB/ data warehouse?


    I have try to create a custom policy to address this by selected privilege operation (copy action) and command groups. 
    However, from Db audit doesn't seems to appears any events or hit.


    Seeking for guidance on policy creation for this matters.
    #DatabaseActivityMonitoring

    ------------------------------
    Vincent Voo

    ------------------------------


  • 2.  RE: Audit for data extraction from data warehouse

    Posted 01-14-2020 07:14
    Hi Vincent,

    Could you change the "Event Type" criterion as including "Query" and try it again?

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------



  • 3.  RE: Audit for data extraction from data warehouse

    Posted 01-20-2020 20:44
    Edited by Vincent Voo 01-20-2020 20:44
    Hi Cez,

    The reason I dont want to include "Query" on the event type is because this might generate a lot of transaction result as database admin doing query daily.
    Therefore, I am looking for specific setting that I can set so that DAM able to monitor is there someone accessing and extracting data from the specific data warehouse.




    ------------------------------
    Vincent Voo
    M-Security Technology Sdn Bhd
    ------------------------------



  • 4.  RE: Audit for data extraction from data warehouse
    Best Answer

    Posted 01-22-2020 07:52
    Hi Vincent,

    Without adding "Query" event type, you cannot see any query (only login and logout events you can see) in audit data as I know.

    BTW, all enabled (match) criterions in a policy are ANDed as I know; so adding "Query" event type should not generate irrelevant events for this policy that you shared the screenshots.

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------