Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Help me about create new audit

    Posted 13 days ago

    Hi Imperva cyber community friends, I'm want to create a new audit but i am confused about determining the appropriate match criteria for the new audit.
    1. match criteria that are suitable for auditing new DB users
    2. match criteria that are suitable for auditing permission changes
    3. match criteria that are suitable for auditing Priviliged Account Usage

    Thankyou very much


    #DatabaseActivityMonitoring

    ------------------------------
    Dicky a Setiono
    Security Engineer
    BANK BNI SYARIAH, PT
    Jakarta
    ------------------------------


  • 2.  RE: Help me about create new audit

    Posted 11 days ago

    Hi Dicky, 

    I would suggest creating an audit policy and then narrowing it down based on matching criteria. 

     https://docs.imperva.com/bundle/v14.15-database-activity-monitoring-user-guide/page/1670.htm

    Best, 

    Vihar



    ------------------------------
    Vihar Desai
    ------------------------------



  • 3.  RE: Help me about create new audit
    Best Answer

    Posted 10 days ago
    Edited by Dicky a Setiono 6 days ago

    Hi Dicky,

    To create a new audit policy, go to the Policies menu -> Audit and create one.

    AD1

    To audit the new DB users, you should create an audit policy with the criteria "Database User Name" but exclude all known DB users. To recognize the new DB Users can help you Security SQL Profile Policy -> criteria "Unauthorized Database User".

    AD2

    Auditing permission changes - you have to know which SQL commands can change the permissions: GRANT, REVOKE, DENY

    you should create an audit policy with the criteria "Privileges operations" and add the above commands.

     AD3.

    and the last one.

    It is very similar to the first policy, but you should prefer a policy for all privileged users without exclusion. If users do a lot of  SQL HITS, you should consider creating one policy per privileged user.



    ------------------------------
    Karol Gruszczynski
    IT Security Expert
    Trafford IT Sp. z o.o.
    Warszawa
    ------------------------------



  • 4.  RE: Help me about create new audit

    Posted 9 days ago

    Thankyou very much karol, your feedback give me a solution



    ------------------------------
    Dicky a Setiono
    Security Engineer
    BANK BNI SYARIAH, PT
    Jakarta
    ------------------------------