Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  How do I Avoid Local User Access in profile with MSSQL

    Posted 03-14-2024 03:36

    Hi All,
    Greetings for the day!!

    We have observed that in the alerts, we are only able to see the local access user instead of username. Can anyone guide us on how to avoid the local access user and capture the username form MS SQL DB.


    #DatabaseActivityMonitoring

    ------------------------------
    Avinash Krishna ADDALA
    Security Expert
    Societe Generale
    PARIS
    ------------------------------


  • 2.  RE: How do I Avoid Local User Access in profile with MSSQL

    Posted 03-18-2024 11:56
    Edited by John Thompson 03-18-2024 11:59

    Hi Avinash,

    Can you possibly share an obfuscated screenshot and additional details to help clarify the problem and what you're expecting to see? 

    Also, are you stating that the username specified in an Alert differs from the username specified in the Audit data?  If so, are you looking at the console, or are you reviewing data in a SIEM or other central logging solution?  If not the MX console, you may want to review your Followed Action and Action Interface or Action Set regarding the event placeholders.

    For what it's worth, I've always really liked the simplicity of Joel Spolsky's* 3 tenets of problem reporting (*of Stack Overflow and Trello fame at Glitch/Fog Creek Software)

    Every good bug report needs exactly three things:

    1. Screenshot and/or Steps to reproduce,
    2. What you expected to see, and
    3. What you saw instead.

    .

    When you refer to "local access user" instead of username, the first thing that pops to mind for me is OS User Chaining or possibly SQL User Tracking.

    Whatever the case, can you clarify a little bit further?  Separately, you may want to open a support case, if you haven't already done so.

    Looking forward to hearing back from you!

    - JT

    ------------------------------
    John Thompson
    Director, Channel Presales
    Imperva
    San Diego CA
    ------------------------------

    Original Message


  • 3.  RE: How do I Avoid Local User Access in profile with MSSQL

    Posted 03-18-2024 19:51
    Edited by John Thompson 03-18-2024 20:15

    These articles regarding OS User Chaining on MS-SQL may be helpful, if you haven't already reviewed them:

    .

    Separately, if I may, have you consulted our Data Security Coverage Tool (DSCT) to see all of the options available to you with your specific OS, DB, and Imperva security solutions?

    Obviously, you need to consider your risk assessment of, and the value of, the data you're monitoring to your business, your customers, the board, etc.

    Having said that, especially if you're monitoring hundreds or thousands of databases, you can recognize significant value, time and resource savings, etc., by leveraging our Data Risk Analytics (DRA) solution and/or significant cost savings in terms of systems management, maintenance, resources, etc. related to dramatically increasing capacity/performance and reducing a traditional DAM footprint by leveraging Data Security Fabric's (DSF) security and compliance at scale?

    Regarding Scale, I thought you might find these videos/articles interesting:

    .

    Looking forward to keeping the conversation going.

    ------------------------------
    John Thompson
    Director, Channel Presales
    Imperva
    San Diego CA
    ------------------------------

    Original Message