Imperva Cyber Community

Hi Imperva cyber community friends, I'm want to create a new audit but i am confused about determining the appropriate match criteria for the new audit.
1. match criteria that are suitable for auditing new DB users
2. match criteria that are suitable for auditing permission changes
3. match criteria that are suitable for auditing Priviliged Account Usage

Thankyou very much

#DatabaseActivityMonitoring

------------------------------
Dicky a Setiono
Security Engineer
BANK BNI SYARIAH, PT
Jakarta
------------------------------

Hi Dicky, 

I would suggest creating an audit policy and then narrowing it down based on matching criteria. 

 https://docs.imperva.com/bundle/v14.15-database-activity-monitoring-user-guide/page/1670.htm

Best, 

Vihar

------------------------------
Vihar Desai
------------------------------

Hi Dicky,

To create a new audit policy, go to the Policies menu -> Audit and create one.

AD1

To audit the new DB users, you should create an audit policy with the criteria "Database User Name" but exclude all known DB users. To recognize the new DB Users can help you Security SQL Profile Policy -> criteria "Unauthorized Database User".

AD2

Auditing permission changes - you have to know which SQL commands can change the permissions: GRANT, REVOKE, DENY

you should create an audit policy with the criteria "Privileges operations" and add the above commands.

 AD3.

and the last one.

It is very similar to the first policy, but you should prefer a policy for all privileged users without exclusion. If users do a lot of  SQL HITS, you should consider creating one policy per privileged user.

------------------------------
Karol Gruszczynski
IT Security Expert
Trafford IT Sp. z o.o.
Warszawa
------------------------------

Thankyou very much karol, your feedback give me a solution

------------------------------
Dicky a Setiono
Security Engineer
BANK BNI SYARIAH, PT
Jakarta
------------------------------

Original Message:
Sent: 05-16-2024 08:00
From: Karol Gruszczynski
Subject: Help me about create new audit

Hi Dicky,

To create a new audit policy, go to the Policies menu -> Audit and create one.

AD1

To audit the new DB users, you should create an audit policy with the criteria "Database User Name" but exclude all known DB users. To recognize the new DB Users can help you Security SQL Profile Policy -> criteria "Unauthorized Database User".

AD2

Auditing permission changes - you have to know which SQL commands can change the permissions: GRANT, REVOKE, DENY

you should create an audit policy with the criteria "Privileges operations" and add the above commands.

 AD3.

and the last one.

It is very similar to the first policy, but you should prefer a policy for all privileged users without exclusion. If users do a lot of  SQL HITS, you should consider creating one policy per privileged user.

------------------------------
Karol Gruszczynski
IT Security Expert
Trafford IT Sp. z o.o.
Warszawa
------------------------------