Imperva Cyber Community

We have an inventory list of DB applications containing DB users and their legitimate source IP addresses. Can we populate each DB Applications' profiles from this list?

Or is there any API support for building DB Applications' profiles that we may do it with scripting?

Thanks.
#DatabaseActivityMonitoring

------------------------------
cezmi çal
technical expert
Barikat Cyber Security
------------------------------

At the current time there is no way to update the profile from a  file.

the purpose of profiling is to learn who is accessing the DB and what they are doing. 
This is designed to dynamic and learn from actual activity.

If we allowed profiles to be updated in a manual manner we would open the door for malicious activity to be seen as acceptable behavior.
For example, I may update the profile to show I am a authorized user and have the ability to execute privileged operations. Then I access the DB  and extract PII.
If the profile has been updated to show this is an acceptable activity then there would be no alert generated, and no record of what I just did.

Hi Phil,

Thanks for reply. First of all, as I know, we can edit the profile manually.

Then, as a DBA if I know all of my DB environment and have an inventory list of all DBs, users and legitimate IP addresses of the users; I want to build my DB profile from this list and do not want Imperva to learn any new user and IP addresses but It can learn new query groups, tables, applications etc. Moreover, I treat any other IP addresses and users as anomaly or threat.

------------------------------
cezmi çal
technical expert
Barikat Cyber Security
------------------------------

Original Message:
Sent: 12-11-2019 09:38
From: Phil Klassen
Subject: Updating/Building DB Profile from an inventory (csv, etc.)

At the current time there is no way to update the profile from a  file.

the purpose of profiling is to learn who is accessing the DB and what they are doing. 
This is designed to dynamic and learn from actual activity.

If we allowed profiles to be updated in a manual manner we would open the door for malicious activity to be seen as acceptable behavior.
For example, I may update the profile to show I am a authorized user and have the ability to execute privileged operations. Then I access the DB  and extract PII.
If the profile has been updated to show this is an acceptable activity then there would be no alert generated, and no record of what I just did.



------------------------------
Phil Klassen

Original Message:
Sent: 12-06-2019 03:04
From: cezmi çal
Subject: Updating/Building DB Profile from an inventory (csv, etc.)

We have an inventory list of DB applications containing DB users and their legitimate source IP addresses. Can we populate each DB Applications' profiles from this list?

Or is there any API support for building DB Applications' profiles that we may do it with scripting?

Thanks.
#DatabaseActivityMonitoring

------------------------------
cezmi çal
technical expert
Barikat Cyber Security
------------------------------