Step 1 of onboarding assets into a DSF is enable auditing on said database.
Once auditing is enabled, the database server logs which user connected, from where to which table , what queries etc. This log is what is parsed by the DSF and it can find out user.
Examples:
From MariaDB Audit Logging Page:
the purpose of the MariaDB Audit Plugin is to log the server's activity. For each client session, it records who connected to the server (i.e., user name and host), what queries were executed, and which tables were accessed and server variables that were changed.
You can check the how to onboard various databases to DSF and almost in all config, the first step is to enable auditing. Enabling audit can be something simple as changing a config or installing a plugin.
------------------------------
Sarvesh Lad
Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
------------------------------
Original Message:
Sent: 02-08-2023 11:13
From: Vishal Navale
Subject: How DSF capture end user details for Audit data
Need to understand how Imperva DSF is capture RDS db activity with end user details. Is it provide information at granular level even if IAM role or support Group role associated?
Thanks
Vishal
#CloudDataSecurity
#DatabaseActivityMonitoring
------------------------------
Vishal Navale
Security Engineer
Ally Financial Inc
Detroit MI
------------------------------