Rule Configuration
Rule configuration refers to defining dangerous behaviors (security rules), trusted behaviors (trust rules), and non-audit behaviors (filtering rules) based on some characteristics (e.g. clients, servers, and SQL statements). When the system detects that the operation on the database matches the filtering rules, the behavior will not be audited. When the operation matches the trust rules, the alarm will not be triggered, but when the operation matches the security rules, an alarm is triggered.
The order of the rule matching is:
1. Filtering rules;
2. Trust rules;
3. Security rules.
Configuring Filtering Rules
Filtering rules filter operations based on certain specific conditions. The system does not audit these operations, thereby saving the disk space of the device for the limited resources to be used to store valuable audit data.
There are three filtering methods:
l Filter by IP: Set trusted IP addresses, and the system will not audit SQL requests initiated from these IP addresses.
l Filter by SQL template: Set trusted SQL templates. If the template of the SQL statement is a filtering template set, no audit will be performed.
l Filter by rules: Audit based on specific conditions. The rules include client information, server information, SQL requests, and SQL results.
l Add New Assets and Asset Accounts
Before using a Cloud Bastion Host (CBH) for O&M, the administrator needs to add the host assets and host accounts to the CBH system.
Configure Trust Rules
1. In the left menu, select Configure Rules > Trust Rules to enter the Trust Rules page.
2. Click Add and edit the relevant information in the new rule dialog box that pops up. See the Trust Rules section for specific parameters.
3. After completing the configuration, click Save to complete the configuration of the trust rules.
Configure Security Rules
Built-in rules cannot be changed and are recommended by default. You can switch to all rules by clicking the Recommended button in the upper right corner of the interface.
You can manage custom rules. To add custom security rules, follow the steps below:
1. In the menu, select Configure Rules > Security Rules to enter the Security Rules page, select the Manage Rules tab, and click Add.
2. Fill in the relevant parameters in the pop-up dialog box. Then, click Save to complete the addition of the new security rules. See the Security Rules section for specific parameters.