Imperva Cyber Community

Expand all | Collapse all

Reading logs from an application writing to a database

Jump to Best Answer
  • 1.  Reading logs from an application writing to a database

    Posted 19 days ago
    Hi,

    I monitor a database server whose ERP Application is client based. There is a single account that writes to the database. 
    I have 2 challenges:-

    1.  I cannot identify the specific account that makes changes since its the single account that logs.
    2.  Values on the logs from the application are not human readable they are encrypted they appear as ????

    Anyone else who has experienced the same and how did you deal with it?

    #DatabaseActivityMonitoring

    ------------------------------
    Winnie Wanjohi
    Higher Education Loans Board
    Nairobi - Kenya
    ------------------------------


  • 2.  RE: Reading logs from an application writing to a database
    Best Answer

    Imperva Employee
    Posted 19 days ago
    Identifying the end-user can be a challenge when the service account is making the calls to the database. To see the end-user it is necessary to enrich the data. See https://docs.imperva.com/search?q=SQL%20user%20tracking for more information.
    If the values are encrypted. It may be necessary for the service account the Imperva GWs use to scan have the ability to encrypt/decrypt the database fields. See https://docs.imperva.com/search?q=encrypted%20database for more information.

    Thank you,
    Scott

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 3.  RE: Reading logs from an application writing to a database

    Posted 18 days ago
    Thanks Scott,

    I will go through both documentation.

    ------------------------------
    Winnie Wanjohi
    Information Systems Security & Assurance Officer (ISSO)
    Higher Education Loans Board
    ------------------------------



  • 4.  RE: Reading logs from an application writing to a database
    Best Answer

    Imperva Employee
    Posted 19 days ago
    Imperva has an offering called ImpervaONE. It uses our CloudWAF, RASP, and DAM to track the user from the edge through to the DB. This also includes east-west transitions in your network. Contact your Imperva representative to learn more.

    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 5.  RE: Reading logs from an application writing to a database

    Posted 18 days ago
    I will contact my Imperva representative for more details on this.

    Thank you.


    ------------------------------
    Winnie Wanjohi
    Information Systems Security & Assurance Officer (ISSO)
    Higher Education Loans Board
    ------------------------------