Imperva Cyber Community

  • 1.  Unable to exclude Generic objects from Security and Audit Alerts

    Posted 7 days ago

    Greetings for the day fellow Imperva Community Members,

    Wish you all a very happy and a prosperous New Year.



    Requirement :-
    We have a requirement where the DDL commands on the database have to be monitored, the required alerts should get generated, and the necessary action taken.

    The following query was put in Security and Audit Policies :-
    Operations - Advanced Criteria -> All DDL commands like alter, truncate, drop etc. were added, and all databases were mapped.



    Issue:-
    For MSSQL database servers, when a user connects to a database using "microsoft sql server management studio", the following alert is getting generated:
    create table #tmp_sp_help_category.....
    and similar objects like #backups, #tmp, #Sver are shown in the alert column in the Security and Audit Alerts.

    Sample Image for reference

    There is no necessity to manage/monitor the above alert.

    What we have tried :-
    Match Cret :- Columns
    Exclude :- Table - sver, tmp, temp_vis

    The above did not work.

    So we have created a Global object in Generic Dictionary search, added the required objects, and excluded them in the Policy.



    The objects have been excluded from Security, Audit and also in AMR, but the alerts which contain "#" are still getting generated. These are false positives and we do not want the alerts getting generated in the Imperva application.

    I had raised a case with the Support portal, for which they have informed me that it is out of their purview to help.

    I request the community members to guide me in the right direction for the same.

    Thanks in advance


    #DatabaseActivityMonitoring

    ------------------------------
    Bharath Patil
    Manager
    Karnataka Bank Ltd.
    Bengaluru
    ------------------------------


  • 2.  RE: Unable to exclude Generic objects from Security and Audit Alerts

    Posted 5 days ago

    Hi Bharath,

    Please add the Destination Tables option in Advanced Criteria and specify the condition as shown below:

    Regards,



    ------------------------------
    SBISOC 4430
    Manager
    Mumbai
    ------------------------------
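
An offline check for the exclusion discussed in this thread, added here as an example (it is not from either poster and is not Imperva configuration): before relying on a Destination Tables condition, run exported DDL statements through a filter that suppresses only session-local temp tables (names starting with a single `#`) and confirm that global temp tables and real tables with similar names still alert. The function names, the simple regex parser, and the sample statements are assumptions constructed for illustration.

```python
import re

# Matches the DDL verbs named in the thread and captures the target table.
# Assumption: simple statements; names with spaces or dots inside [] are not handled.
DDL_RE = re.compile(
    r"^\s*(create|alter|drop|truncate)\s+table\s+(?:if\s+exists\s+)?([^\s(;,]+)",
    re.IGNORECASE,
)

def ddl_target(sql):
    """Return (verb, table) for a table DDL statement, or None."""
    m = DDL_RE.match(sql)
    if not m:
        return None
    # Keep only the last name part and strip [] or "" quoting.
    table = m.group(2).split(".")[-1].strip('[]"')
    return m.group(1).lower(), table

def is_local_temp(table):
    """True for session-local temp tables (#name), not global ones (##name)."""
    return table.startswith("#") and not table.startswith("##")

def triage(statements):
    """Split table DDL statements into (suppressed, alerting) lists."""
    suppressed, alerting = [], []
    for sql in statements:
        target = ddl_target(sql)
        if target and is_local_temp(target[1]):
            suppressed.append(sql)
        elif target:
            alerting.append(sql)
    return suppressed, alerting

# Constructed sample statements, not taken from a real audit trail.
SAMPLE = [
    "create table #tmp_sp_help_category (category_id int)",
    "DROP TABLE tempdb..[#backups]",
    "create table ##shared_stage (id int)",
    "ALTER TABLE dbo.tmp_accounts ADD flag bit",
    "truncate table dbo.Sver",
    "select * from #tmp",
]

if __name__ == "__main__":
    quiet, loud = triage(SAMPLE)
    print("suppressed:", quiet)
    print("alerting:", loud)
```

Matching on the leading `#` rather than on name fragments such as `tmp` or `sver` keeps DDL against permanent tables like `dbo.tmp_accounts` in the alert stream.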