Hi Syed,
.
You may want to touch base with our professional services team or @Yaser Fahlah or @Thien-Trung Nguyen regarding your specific scenario.
Having said that, can you review and share your responses or the status of the following?
- Can you share a screenshot (obfuscated as necessary), or a definition of the exact policy you created?
- Is "DB User 1" listed as a User in the SecureSphere Database Profile?
- When you perform your test, do you have observable / audited traffic for "DB User 1"
- I believe you've already confirmed, just want to verify that you do see audit data for "DB User 1", and not just security alerts.
- Is the Database Profile locked?
- Is the audit data in clear text (ie.. readable)?
- Does the audit data for this database show any "unknown user" or "Hashed User"?
.
Thanks,
.
-- JT
------------------------------
John Thompson
Director, Channel Presales
Imperva
San Diego CA
------------------------------
Original Message:
Sent: 04-23-2024 12:18
From: Syed Abdul Wajid
Subject: Custom Security policy is not alerting but only SQL profile policy receives security & Audit alerts
Hello Team,
Kindly help me on below:
Custom Security policy is not alerting but only SQL profile policy receives security & Audit alerts.
Custom Security Policy-- DB User1 should not access Database by any tools like sqlplus to developer. but he should connect from only single application.
DAM agents are configured in sniffing mode with blocking on.
#DatabaseActivityMonitoring
------------------------------
Syed Abdul Wajid
Imperva Admin
NCGR - National Center for Government Resources Sys.Ministry of Finance - KSA
Riyadh
------------------------------