Imperva Cyber Community

communities_1.jpg
 View Only
Expand all | Collapse all

Criteria to verify one parameter in the query

  • 1.  Criteria to verify one parameter in the query

    Posted 08-22-2024 08:40

    I am lookin for a criteria to check a value inside of a Query and create an audit policy for that value.

    In the first example I need to look for VWCODIGO = 5. If the query has a 5 for that value is going to trigger the audit policy. But so far I cant find the match criteria needed to Check the table first then check parameter VWCODIGO and then check if the value =5

    Any suggestion

    #DatabaseActivityMonitoring
    #ImpervaAgent

    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------


  • 2.  RE: Criteria to verify one parameter in the query

    Posted 08-22-2024 09:12
    Edited by Cezmi Cal 08-22-2024 10:10

    Hi Gerson,

    You can follow the steps described at here https://community.imperva.com/discussion/alert-to-be-generated-based-on-a-sql-query#bm531820df-8a68-4c82-a5f8-019010cc7cf5

    The procedure is similar but described for security policy. I mean, you should create an audit policy at last step.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 3.  RE: Criteria to verify one parameter in the query

    Posted 09-17-2024 11:59
    Hello Cezmi
    I try this
    My Query
    But the audit policy is not returning a single match


    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 4.  RE: Criteria to verify one parameter in the query

    Posted 09-18-2024 06:17

    Hello Gerson,

    What do you mean by single match? What is your exact goal?

    based on your policy, if raw query contains "R00011" string, it will be audited. And the last screenshot shows that it is working as expected if i am not wrong.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 5.  RE: Criteria to verify one parameter in the query

    Posted 09-18-2024 16:50

    Hello

    That audit is the Default event policy. We use it as track the data but in the main audit policy we are using to audit that parameter R00011 is not working with the criteria



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 6.  RE: Criteria to verify one parameter in the query

    Posted 09-18-2024 16:51

    My exacto goal is audit the query when the parameter R00011 appears in the query. Very simple but for some reason is not working



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 7.  RE: Criteria to verify one parameter in the query

    Posted 09-19-2024 11:10

    could you change your dictionary like the screenshot below and inform me about the results please



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 8.  RE: Criteria to verify one parameter in the query

    Posted 09-19-2024 11:14

    or like below



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 9.  RE: Criteria to verify one parameter in the query

    Posted 09-20-2024 11:19

    I just tried but didn't work. Not sure where is the issue



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 10.  RE: Criteria to verify one parameter in the query

    Posted 09-24-2024 09:18
    Edited by Cezmi Cal 09-24-2024 10:18

    Are you sure about the policy is applied to correct SG? I have tested on my lab environment and it is working as expected.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 11.  RE: Criteria to verify one parameter in the query

    Posted 09-27-2024 15:04

    Can you show your LAB dictionary and criteria please. 



    ------------------------------
    Gerson Acevedo
    Ingeniero De Implementación Y Soporte
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------



  • 12.  RE: Criteria to verify one parameter in the query

    Posted 09-30-2024 05:56

    I added all steps with ordered below:

    1- Generic Dictionary

    2- Audit Policy

    3- SQL Query Execution

    4- DB Audit Data

    Hope it helps



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------