Imperva Cyber Community

communities_1.jpg
 View Only
Expand all | Collapse all

Criteria to verify one parameter in the query

  • 1.  Criteria to verify one parameter in the query

    Posted 08-22-2024 08:40

    I am lookin for a criteria to check a value inside of a Query and create an audit policy for that value.

    In the first example I need to look for VWCODIGO = 5. If the query has a 5 for that value is going to trigger the audit policy. But so far I cant find the match criteria needed to Check the table first then check parameter VWCODIGO and then check if the value =5

    Any suggestion

    #DatabaseActivityMonitoring
    #ImpervaAgent

    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------


  • 2.  RE: Criteria to verify one parameter in the query

    Posted 08-22-2024 09:12
    Edited by Cezmi Cal 08-22-2024 10:10

    Hi Gerson,

    You can follow the steps described at here https://community.imperva.com/discussion/alert-to-be-generated-based-on-a-sql-query#bm531820df-8a68-4c82-a5f8-019010cc7cf5

    The procedure is similar but described for security policy. I mean, you should create an audit policy at last step.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 3.  RE: Criteria to verify one parameter in the query

    Posted 25 days ago
    Hello Cezmi
    I try this
    My Query
    But the audit policy is not returning a single match


    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 4.  RE: Criteria to verify one parameter in the query

    Posted 24 days ago

    Hello Gerson,

    What do you mean by single match? What is your exact goal?

    based on your policy, if raw query contains "R00011" string, it will be audited. And the last screenshot shows that it is working as expected if i am not wrong.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 5.  RE: Criteria to verify one parameter in the query

    Posted 24 days ago

    Hello

    That audit is the Default event policy. We use it as track the data but in the main audit policy we are using to audit that parameter R00011 is not working with the criteria



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 6.  RE: Criteria to verify one parameter in the query

    Posted 24 days ago

    My exacto goal is audit the query when the parameter R00011 appears in the query. Very simple but for some reason is not working



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 7.  RE: Criteria to verify one parameter in the query

    Posted 23 days ago

    could you change your dictionary like the screenshot below and inform me about the results please



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 8.  RE: Criteria to verify one parameter in the query

    Posted 23 days ago

    or like below



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 9.  RE: Criteria to verify one parameter in the query

    Posted 22 days ago

    I just tried but didn't work. Not sure where is the issue



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 10.  RE: Criteria to verify one parameter in the query

    Posted 18 days ago
    Edited by Cezmi Cal 18 days ago

    Are you sure about the policy is applied to correct SG? I have tested on my lab environment and it is working as expected.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 11.  RE: Criteria to verify one parameter in the query

    Posted 15 days ago

    Can you show your LAB dictionary and criteria please. 



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 12.  RE: Criteria to verify one parameter in the query

    Posted 12 days ago

    I added all steps with ordered below:

    1- Generic Dictionary

    2- Audit Policy

    3- SQL Query Execution

    4- DB Audit Data

    Hope it helps



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------