Imperva Cyber Community

Hello Team,

Kindly help me on below:

Custom Security policy is not alerting but only SQL profile policy receives security & Audit alerts.

Custom Security Policy-- DB User1 should not access Database by any tools like sqlplus to developer. but he should connect from only single application.

DAM agents are configured in sniffing mode with blocking on.

#DatabaseActivityMonitoring

------------------------------
Syed Abdul Wajid
Imperva Admin
NCGR - National Center for Government Resources Sys.Ministry of Finance - KSA
Riyadh
------------------------------

Hi Syed,

.

You may want to touch base with our professional services team or @Yaser Fahlah or @Thien-Trung Nguyen regarding your specific scenario.

Having said that, can you review and share your responses or the status of the following?

1. Can you share a screenshot (obfuscated as necessary), or a definition of the exact policy you created?
2. Is "DB User 1" listed as a User in the SecureSphere Database Profile?
3. When you perform your test, do you have observable / audited traffic for "DB User 1"
   1. I believe you've already confirmed, just want to verify that you do see audit data for "DB User 1", and not just security alerts.
4. Is the Database Profile locked?
5. Is the audit data in clear text (ie.. readable)?
6. Does the audit data for this database show any "unknown user" or "Hashed User"?

.

Thanks,

.

-- JT

------------------------------
John Thompson
Director, Channel Presales
Imperva
San Diego CA
------------------------------