Greetings for the day fellow Imperva Community Members,
Wish you all a very happy and a prosperous New Year.
Requirement :-
We have a requirement where the DDL commands on the database has to be monitored and required alerts should get Generated and necessary action to be taken.
The following Query was put in Security and Audit Policies :-
Operations- Advanced Creteria -> All DDL commands like alter , truncate, drop etc are added. and all databases were mapped.
Issue:-
For MSSQL database Servers when a user connects to a database using "microsoft sql server management studio" the following alert is getting generated.
create table #tmp_sp_help_category.....
and similar objects like #backups, #tmp, #Sver are shown in the alert column in the Security and Audit Alerts.
Sample Image for reference
There is no necessity to manage/monitor the above alert.
What we have tried :-
Match Cret :- Columns
Exclude :- Table - sver, tmp, temp_vis
above did not work
so we have created a Global object in Generic Dictionary search and added the required objects and excluded them in the Policy
The objects have been excluded from Security, Audit and also in AMR, but still the Alerts which contain "#" are still getting generated, these are false positives and we do not want the alerts getting generated in Imperva Application.
I had Raised a case with Support portal, for which they have informed it is out of their purview to help,
Request the community members to guide me in the right direction for the same,
Thanks in advance
#DatabaseActivityMonitoring------------------------------
Bharath Patil
Manager
Karnataka Bank Ltd.
Bengaluru
------------------------------