How Do I Configure Database Audit?
Procedure | Operating Instruction |
Step 1: Add Assets | Add the database that needs to be audited by the system. For details, see Assets. |
Step 2: Install Agent | Install Agent for database auditing. For details, see Agent Management. |
Step 3: Configure Rules | Configure security rules and filtering rules for the database. For details, see Configure Rules. |
Step 4: Subscribe to Reports and Set Alarm Notifications | It is convenient for administrators to timely learn about the status and security alarms for the database. For details, see Subscribe to Reports and Alarm Notifications. |
How Do I Disable SSL for a Database?
The MySQL database client is used as an example. Perform the following steps:
Log in to the MySQL database client as the root user.
Run the following command to check the connection mode of the MySQL database:
\s
If information similar to the following is displayed, SSL has been disabled for the MySQL database.
SSL:Notinuse
If information similar to the following is displayed, SSL has been enabled for the MySQL database. Go to Step 3.
SSL:CipherinuseisXXX-XXX-XXXXXX-XXX
Log in to the MySQL database in SSL mode.
Run the following command to exit from the MySQL database:
exit
Log in to the MySQL database as the root user. Add the following parameters at the end of the login command:
--ssl-mode=DISABLED or --ssl=0
NOTICE:
If you log in to the MySQL database in SSL mode, you can disable SSL only for this login. To use the database audit function, log in to the MySQL database as instructed in this step.
Run the following command to check the connection mode of the MySQL database:
\s
If information similar to the following is displayed, SSL has been disabled for the MySQL database. |
SSL:Notinuse
How to Quickly Retrieve Logs in Database Audit?
Go to Log Query Analysis Menu > Log Retrieval Function and provide the time range, assets, type and other conditions to retrieve logs. Database Audit also supports keyword search and advanced (custom filtering logic conditions) queries, and saves commonly used history queries to facilitate subsequent rapid retrieval of required logs.
How Do I Set Alarm Rules for Database Audit?
Go to Rule Configuration Menu > Security Rules, enable the built-in rules or custom rules, configure the trigger conditions (e.g. sensitive databases, tables and fields, and behaviors) and risk levels for the alarm, and the alarm will be triggered based on the conditions. The alarm configuration can be continuously optimized to improve the accuracy of alarms.
How Do I View Reports and Analyze Reports in Database Audit?
Go to Report Center Module > Preview Reports, select a report, asset, and time range to generate the report.
What Do I Need to Do to Collect Database Audit Logs?
After entering the Database Audit, you need to configure the audit assets first, deploy Agent on the application/database server to generate audit logs, and enable the alarm rules to issue risk alarms on possible behaviors. Audit logs and alarm logs can be retrieved from the platform.