Learning Rules and Audit

Database protection in DataSunrise is implemented through sets of audit, security and masking rules. This approach makes protection very versatile and highly customizable. However, DataSunrise is constantly working on making database protection even more user-friendly and efficient.

DataSunrise can analyze all corporate traffic and create a “white list” of database user operations considered safe for the given environment. In effect, this “white list” is an array of SQL statements, target database user names and database objects typical for the target database environment. Based on this “white list”, database administrators can create audit, security and masking rules. Below are instructions on how to set up learning rules.

  1. Navigate to Audit → Learning Rules and click Add Rule.
  2. In the Main Section subsection, give your learning rule a name, which can be anything. After that, select a database type and instance to learn from.
  3. In the Filter Sessions subsection you can specify the user or group of users you are creating this rule for.

In the Action subsection you can select an action for the rule: either Learn or Skip. If you choose Learn, all incoming queries will be logged and added to predefined SQL groups. If you choose Skip, incoming queries will be ignored. In addition, you can set up a schedule for the rule to be active.

In the Filter SQL Statement subsection you can set the filter requirements for queries. Below is some additional information on the Filter SQL Statement subsection, followed by a screenshot for your reference.

Save Statements in the Group drop-down list: An SQL group DataSunrise should add logged statements to. Default groups are available. Click “Plus” (+) to add a new group to the list.
Save Objects in the Group drop-down list: An Object group DataSunrise should add logged objects to. Click “Plus” (+) to add a new group to the list.
Save Users in the Group drop-down list: A User group DataSunrise should add logged users to. Click “Plus” (+) to add a new group to the list.
Save Applications check box (‘Yes’, ‘No’): Select Yes to create client application name entries.

After you’ve finished configuring a learning rule, don’t forget to click Save Rule. Now that we’ve “whitelisted” some queries, it’s time to set up auditing rules. We can use the statements, objects, users and application information from the newly created learning rule in the audit rule below.

To set up an auditing rule we need to do the following:

  1. Navigate to Audit → Rules → Add Rule.
  2. Give a name to your audit rule. This name can be anything. Specify a database type and instance. In the Comment field you can add any comment.
  3. In the Action subsection you’ll see a lot of settings, the most important of which is Log Event in Storage. The default settings, as in the picture below, will ensure reliable auditing of your database(s). Check the Skip checkbox if you want to skip this subsection.
  4. In the Filter Sessions subsection, add a condition for your audit rule. In the picture below, by clicking Add Condition we’ve chosen to audit our Postgres database using a specific application: the pgAdmin 3 query tool.
  5. In the Filter Statements subsection you can customize query filtering. Let’s filter statements by Query Group. For this we can use data from the learning rule we created earlier, for which we set up the Statements_group_learning group. Select that group from the Process Group of Query drop-down list. After that, click Add Object Group. You can also select a group in Skip Group of Query. In our picture we selected to skip pgAdmin queries.

In the window that shows up after clicking Add Object Group, select the required object group. Below, it is Objects_group_learning from our learning rule. Then click Add Object Group.

The specified object group appears in the Choose Object Groups section.

Click Save at the bottom of the rule’s page to save it. From now on your auditing rule will be using data from your learning rule and is fully operational!
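
The learn-then-filter flow described above, as an added conceptual sketch in Python. It is not DataSunrise code: the literal normalization, the rough table extraction, the way the filters combine, the function names and all sample traffic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Groups:
    """Groups a learning rule fills (contents here are constructed)."""
    statements: set = field(default_factory=set)    # e.g. Statements_group_learning
    objects: set = field(default_factory=set)       # e.g. Objects_group_learning
    users: set = field(default_factory=set)
    applications: set = field(default_factory=set)

def normalize(sql):
    """Replace literals with '?' so queries differing only in values match."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals
    return re.sub(r"\s+", " ", s).strip().rstrip(";").lower()

def objects_in(template):
    """Rough table extraction from a normalized statement (not a SQL parser)."""
    return set(re.findall(r"\b(?:from|join|into|update)\s+([a-z_][\w.]*)", template))

def learn(groups, event, action="Learn", save_applications=True):
    """Apply a learning rule: 'Learn' records the event, 'Skip' ignores it."""
    if action == "Skip":
        return
    template = normalize(event["sql"])
    groups.statements.add(template)
    groups.objects |= objects_in(template)
    groups.users.add(event["user"])
    if save_applications:
        groups.applications.add(event["app"])

def audit_decision(groups, event, app_condition=None, skip_statements=frozenset()):
    """Audit-rule filter: session condition, skip group, query group, object group."""
    template = normalize(event["sql"])
    if app_condition is not None and event["app"] != app_condition:
        return "no-match"
    if template in skip_statements:
        return "skip"
    if template in groups.statements and objects_in(template) & groups.objects:
        return "log"
    return "no-match"

# Constructed learning-period traffic (assumed user, application and queries).
LEARNING_TRAFFIC = [
    {"user": "report_user", "app": "pgAdmin 3", "sql": "SELECT id, total FROM orders WHERE customer_id = 42"},
    {"user": "report_user", "app": "pgAdmin 3", "sql": "UPDATE orders SET status = 'shipped' WHERE id = 1001;"},
]

def build_groups(traffic):
    """Run every event of the learning period through a 'Learn' rule."""
    groups = Groups()
    for event in traffic:
        learn(groups, event)
    return groups
```

In this model a statement that was never learned returns "no-match", so a rule filtered this way records only activity already present in the groups.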

DataSunrise is the company that makes data protection highly efficient, versatile and user-friendly.
