Imperva Cyber Community

communities_1.jpg
 View Only
Expand all | Collapse all

How Imperva Capture if anybody logs in from Application server to database using application userid and password

  • 1.  How Imperva Capture if anybody logs in from Application server to database using application userid and password

    Posted 12-16-2021 11:12
    How imperva Capture if anybody logs in from Application server to database using application userid and password ... will Imperva able to find that?

    Example: like a individual user who has access to batch server and also has access to the batch user which runs batch jobs,  user sudos to that on that server and he has access to application userid/password in database he uses that to connect to database remotely and does some changes
    basically from the database server ... we will see it as batch server , batch user connected as application user and password ... which is a valid connection


    Thanks
    Vishal

    #DatabaseActivityMonitoring


  • 2.  RE: How Imperva Capture if anybody logs in from Application server to database using application userid and password

    Posted 12-23-2021 05:24

    Hi there,

    I connected with one of our tech team on this. They suggested some more detail and a diagram would be helpful, but this is their insight:

    We catch the user that connected to the database.
    If this user is connected locally to the DB, we can sometimes get the os-user-chain and get the source IP used to connect to the DB locally.
    If this is someone that used some application that has credentials to the DB, we will know only the credentials to the DB. If there is a need to know the original application user that somehow triggered the DB access - this require RASP. It's a more complex solution.

    Thanks,



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------