Imperva Cyber Community

  • 1.  How DSF capture end user details for Audit data

    Posted 02-08-2023 11:14
    Need to understand how Imperva DSF captures RDS DB activity with end user details. Does it provide information at a granular level even if an IAM role or support group role is associated?

    Thanks
    Vishal
    #CloudDataSecurity
    #DatabaseActivityMonitoring

    ------------------------------
    Vishal Navale
    Security Engineer
    Ally Financial Inc
    Detroit MI
    ------------------------------


  • 2.  RE: How DSF capture end user details for Audit data
    Best Answer

    Posted 02-09-2023 09:57

    Step 1 of onboarding assets into DSF is to enable auditing on said database.

    Once auditing is enabled, the database server logs which user connected, from where, to which table, what queries, etc. This log is what is parsed by the DSF, and from it the DSF can find out the user.

    Examples:

    From MariaDB Audit Logging Page:

    the purpose of the MariaDB Audit Plugin is to log the server's activity. For each client session, it records who connected to the server (i.e., user name and host), what queries were executed, and which tables were accessed and server variables that were changed.

    You can check how to onboard various databases to DSF, and in almost all configs the first step is to enable auditing. Enabling audit can be something as simple as changing a config or installing a plugin.



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------
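
The audit-log parsing described in the answer above, as an added example that is not part of the original thread and is not Imperva's code: a small parser for the MariaDB Audit Plugin's comma-separated file format that recovers the user and client host from each record. The log lines are constructed, and `AuditRecord`, `parse_line` and `activity_by_user` are hypothetical names.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample records (not from a real server). Field order:
# timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
SAMPLE_LOG = """\
20230209 09:57:01,db01,app_rw,10.0.4.17,41,0,CONNECT,sales,,0
20230209 09:57:02,db01,app_rw,10.0.4.17,41,210,READ,sales,customers,
20230209 09:57:02,db01,app_rw,10.0.4.17,41,210,QUERY,sales,'SELECT id, email FROM customers WHERE id=7',0
20230209 09:58:30,db01,dba_jane,10.0.9.5,42,0,FAILED_CONNECT,,,1045
20230209 09:59:10,db01,dba_jane,10.0.9.5,43,215,WRITE,sales,orders,
"""

@dataclass
class AuditRecord:
    timestamp: str
    server: str
    user: str
    host: str
    connection_id: int
    query_id: int
    operation: str
    database: str
    obj: str
    retcode: Optional[int]  # assumed empty on table (READ/WRITE) events

def parse_line(line: str) -> AuditRecord:
    # Split on the first 8 commas only: the object field of a QUERY record is
    # the quoted SQL text and may itself contain commas.
    head = line.rstrip("\n").split(",", 8)
    if len(head) != 9 or "," not in head[8]:
        raise ValueError(f"not an audit record: {line!r}")
    obj, _, ret = head[8].rpartition(",")  # retcode is the last field
    return AuditRecord(head[0], head[1], head[2], head[3], int(head[4]),
                       int(head[5]), head[6], head[7], obj, int(ret) if ret else None)

def activity_by_user(log_text: str):
    """Return ({(user, host): table accesses}, {(user, host): failed logins})."""
    tables, failed = defaultdict(set), defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):
        r = parse_line(line)
        if r.operation in ("READ", "WRITE"):
            tables[(r.user, r.host)].add(f"{r.operation} {r.database}.{r.obj}")
        elif r.operation == "FAILED_CONNECT":
            failed[(r.user, r.host)] += 1
    return dict(tables), dict(failed)

if __name__ == "__main__":
    print(activity_by_user(SAMPLE_LOG))
```

The user in each record is the database account that authenticated, so activity through a shared account is attributed to that account.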



  • 3.  RE: How DSF capture end user details for Audit data

    Posted 02-09-2023 12:40

    Thanks Sarvesh for the information. 

    Is it applicable to RDS?



    ------------------------------
    Vishal Navale
    Security Engineer
    Ally Financial Inc
    Detroit MI
    ------------------------------



  • 4.  RE: How DSF capture end user details for Audit data

    Posted 02-09-2023 13:06

    Yes. Similar process.

    Please see the documentation below:

    https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Onboarding-an-AWS-RDS-Database-to-Imperva-Sonar---Overview_212011718.html

    The IAM role is only for permissions to access CloudWatch and/or S3 buckets as needed. See the IAM specification here.

    Regards



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------