Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Reading logs from an application writing to a database

    Posted 03-09-2020 04:00
    Hi,

    I monitor a database server whose ERP Application is client based. There is a single account that writes to the database. 
    I have 2 challenges:-

    1.  I cannot identify the specific account that makes changes since its the single account that logs.
    2.  Values on the logs from the application are not human readable they are encrypted they appear as ????

    Anyone else who has experienced the same and how did you deal with it?

    #DatabaseActivityMonitoring

    ------------------------------
    Winnie Wanjohi
    Higher Education Loans Board
    Nairobi - Kenya
    ------------------------------


  • 2.  RE: Reading logs from an application writing to a database
    Best Answer

    Posted 03-09-2020 13:50
    Identifying the end-user can be a challenge when the service account is making the calls to the database. To see the end-user it is necessary to enrich the data. See https://docs.imperva.com/search?q=SQL%20user%20tracking for more information.
    If the values are encrypted. It may be necessary for the service account the Imperva GWs use to scan have the ability to encrypt/decrypt the database fields. See https://docs.imperva.com/search?q=encrypted%20database for more information.

    Thank you,
    Scott

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 3.  RE: Reading logs from an application writing to a database

    Posted 03-10-2020 05:02
    Thanks Scott,

    I will go through both documentation.

    ------------------------------
    Winnie Wanjohi
    Information Systems Security & Assurance Officer (ISSO)
    Higher Education Loans Board
    ------------------------------



  • 4.  RE: Reading logs from an application writing to a database
    Best Answer

    Posted 03-09-2020 13:56
    Imperva has an offering called ImpervaONE. It uses our CloudWAF, RASP, and DAM to track the user from the edge through to the DB. This also includes east-west transitions in your network. Contact your Imperva representative to learn more.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 5.  RE: Reading logs from an application writing to a database

    Posted 03-10-2020 05:04
    I will contact my Imperva representative for more details on this.

    Thank you.


    ------------------------------
    Winnie Wanjohi
    Information Systems Security & Assurance Officer (ISSO)
    Higher Education Loans Board
    ------------------------------