Imperva Cyber Community

Expand all | Collapse all

Audit for data extraction from data warehouse

  • 1.  Audit for data extraction from data warehouse

    Posted 01-13-2020 09:10
    Hi Team,

    Does Imperva DAM able to monitor which db user that performs data extraction on specific DB/ data warehouse?


    I have try to create a custom policy to address this by selected privilege operation (copy action) and command groups. 
    However, from Db audit doesn't seems to appears any events or hit.


    Seeking for guidance on policy creation for this matters.
    #DatabaseActivityMonitoring

    ------------------------------
    Vincent Voo

    ------------------------------


  • 2.  RE: Audit for data extraction from data warehouse

    Impervian
    Posted 01-14-2020 07:14
    Hi Vincent,

    Could you change the "Event Type" criterion as including "Query" and try it again?

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------



  • 3.  RE: Audit for data extraction from data warehouse

    Posted 01-20-2020 20:44
    Hi Cez,

    The reason I dont want to include "Query" on the event type is because this might generate a lot of transaction result as database admin doing query daily.
    Therefore, I am looking for specific setting that I can set so that DAM able to monitor is there someone accessing and extracting data from the specific data warehouse.




    ------------------------------
    Vincent Voo
    M-Security Technology Sdn Bhd
    ------------------------------



  • 4.  RE: Audit for data extraction from data warehouse

    Impervian
    Posted 01-22-2020 07:52
    Hi Vincent,

    Without adding "Query" event type, you cannot see any query (only login and logout events you can see) in audit data as I know.

    BTW, all enabled (match) criterions in a policy are ANDed as I know; so adding "Query" event type should not generate irrelevant events for this policy that you shared the screenshots.

    ------------------------------
    cezmi çal
    technical expert
    Barikat Cyber Security
    ------------------------------