Imperva Cyber Community

 View Only

Baseline ( Audit policies )

  • 1.  Baseline ( Audit policies )

    Posted 12 days ago
    Dear All,

    I need your feedback on the below let's say baseline audit policies can we start with them.

    and if you have use cases and recommended audit policies.


    • DDL Command with the event:
    • Command group (Data Object Management – general object management)
    • Database user name (Exclude)

     

    • DML Command with the event:
    • Database user name (Exclude)
    • Operation (Delete, Insert, Update)

     

    • Modification sensitive data:
    • Operation (Delete, Insert, Update)
    • Table group (Classified object) or we can use:

     

    • Access sensitive data:
    • Operation (Select)
    • Table group (Classified object)

     

    • Privilege operation:
    • Command group (Users and Privilege management) "at least one"
    • Operation (privilege operations)

     

    • Creation of new Database:
    • Privileged operation "at least one" (create database, create schema)

     

    • Login Logout: without event

    #DatabaseActivityMonitoring

    ------------------------------
    Mohammad Alriaty
    System Engineer
    Cloud Distribution
    Riyadh
    ------------------------------