Audit Guide
Data auditing enables real-time database activity monitoring by logging comprehensive details for every query executed, including read, update, and delete actions. It records both user activity and any modifications to database configurations or system settings. This guide walks through the steps required to configure DataSunrise to audit all queries on a chosen target database.
Audit logs are stored either in the DataSunrise-integrated SQLite database or in an external database. This logged data helps organizations meet requirements from regulatory standards such as SOX, HIPAA, PCI DSS, and other applicable regulations.
Data Audit functionality operates in both Sniffer and Proxy deployment modes. Within the Data Audit section, administrators can configure audit rules to monitor database activity and apply filters based on database users, client IP addresses, or application sources.
To enhance your understanding of data auditing, we highly recommend visiting our YouTube channel to watch our videos on this topic. These videos not only showcase our auditing solution but also familiarize you with alternative data auditing methods using native DBMS features.
The Importance of Database Auditing
Database auditing plays a vital role in identifying unauthorized access attempts, tracking administrative activity, and maintaining a complete history of actions performed on sensitive information. For organizations operating under regulations such as GDPR, SOX, HIPAA, and PCI DSS, maintaining visibility into data access and usage is a fundamental compliance requirement.
Using detailed auditing policies through platforms like DataSunrise, security teams can detect abnormal behavior more effectively, conduct investigations with greater precision, and produce audit records that support regulatory reviews. In the absence of proper auditing controls, unauthorized access, policy violations, and insider threats may remain undetected, increasing both financial exposure and reputational risk.
What is DataSunrise Data Audit?
DataSunrise Data Audit is a key platform capability that provides detailed visibility into database activity. It continuously monitors user actions and records queries, data modifications, and connection attempts in real time through proxy or sniffer deployment modes.
This monitoring helps organizations apply least-privilege access, oversee privileged user activity, and meet audit requirements under regulations such as HIPAA, SOX, and PCI DSS. Built-in filtering and alerting features also make it useful for incident investigations and ongoing compliance management.
Creating an Audit Rule
Let’s assume that you’ve already created the target database profile. To audit the test database, you then need to create and configure an Audit Rule. The sequence of actions is the following:
- Navigate to Audit → Rules. Then click Add Rule to create a new Audit Rule.
- Configure your Audit Rule to log all queries to the database (see notes below).
In the Main section, the target database information is specified. It includes the database type (PostgreSQL), the database instance (the name of the target database entry in the Configurations) and the Rule’s logical name.
By default, the “Audit” action is selected. It means that DataSunrise will audit user queries when the rule is triggered. To log database responses (the output), the Log Data checkbox is checked.
Since the current scenario requires all user queries to be audited, the Filter Sessions settings are left at their defaults. Thus, any query to the database will trigger the rule, regardless of its source IP address.
The Filter Statements settings are left at their defaults as well. Thus, DataSunrise will audit all queries directed to all database objects.
Viewing Database Audit Results
This stage demonstrates the auditing results. The Audit Rule created at the previous stage is configured to be triggered by any incoming user query. Here’s what happens when DataSunrise receives a user query.
- Let’s send the following query via pgAdmin:

  ```sql
  SELECT * FROM public.customers;
  ```

- The database outputs the table contents.
- Now let’s check the auditing results in the DataSunrise Web Console. Navigate to the Data Audit → Transactional Trails subsection.
- To view detailed information about an event, click the event’s ID. The event’s details will be displayed in a new tab: the code of the query, basic information, session information, the database objects involved in the query and the query results.
Each event logs comprehensive metadata including IP addresses, application names, timestamps, and execution details.
Scrolling down reveals additional event details, including the complete SQL query statement and database objects the query touches. The query accessed sensitive data fields including credit card numbers, email addresses, and ZIP codes.
Query results can be displayed, but enabling this feature significantly impacts audit database storage consumption.
Real-World Use Cases: Applying DataSunrise Data Audit
The DataSunrise Data Audit engine isn’t just a logging tool—it’s a compliance enabler and incident response ally. Here’s how organizations use it to meet regulatory and operational requirements in live environments:
| Use Case | How DataSunrise Helps |
|---|---|
| SOX Compliance | Tracks privileged user activity on financial systems and logs changes to critical configurations. Supports external audit reviews with detailed transaction histories. |
| HIPAA Monitoring | Audits all queries involving PHI, including read access to medical records. Captures session metadata for accountability and breach investigation. |
| PCI DSS Enforcement | Monitors credit card data access in real time and logs queries that touch PAN fields. Supports alerting on unauthorized access attempts. |
| Data Exfiltration Detection | Flags suspicious query volumes, DUMP statements, and unapproved exports—especially from new IPs or clients. |
| Insider Threat Visibility | Captures admin actions, schema modifications, and unusual object access—all correlated with user identities and timestamps. |
Because DataSunrise works at the proxy layer, it can enforce auditing even when the database’s native logging is disabled or bypassed. This makes it an essential part of modern data security and governance strategies.
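A triage pass over audit events for the data exfiltration use case in the table above, as an added example that is not DataSunrise code and does not use its export format. The event field names, the baseline of known clients and the thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit events. Field names are assumptions for this example,
# not the DataSunrise export schema.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "user": "app_rw", "client_ip": "10.0.0.15", "app": "orders-api",
     "objects": ["public.customers"], "rows": 1},
    {"ts": "2024-05-01T09:00:09", "user": "app_rw", "client_ip": "10.0.0.15", "app": "orders-api",
     "objects": ["public.orders"], "rows": 1},
    {"ts": "2024-05-01T23:41:10", "user": "analyst", "client_ip": "203.0.113.50", "app": "pgAdmin",
     "objects": ["public.customers"], "rows": 48210},
    {"ts": "2024-05-01T23:41:30", "user": "analyst", "client_ip": "203.0.113.50", "app": "pgAdmin",
     "objects": ["public.customers"], "rows": 48210},
    {"ts": "2024-05-01T23:41:55", "user": "analyst", "client_ip": "203.0.113.50", "app": "pgAdmin",
     "objects": ["public.customers"], "rows": 48210},
]
# Objects holding card numbers, emails and ZIP codes (assumed classification).
SENSITIVE_OBJECTS = {"public.customers"}
# Assumed baseline of (user, client IP) pairs seen during normal operation.
KNOWN_CLIENTS = {("app_rw", "10.0.0.15"), ("analyst", "10.0.0.22")}

def triage(events, row_limit=1000, burst=3, window=timedelta(seconds=60)):
    """Return {index in time order: [reasons]} for events that need review."""
    findings, recent = {}, {}
    for i, ev in enumerate(sorted(events, key=lambda e: e["ts"])):
        if not SENSITIVE_OBJECTS.intersection(ev["objects"]):
            continue  # only access to sensitive objects is scored
        reasons = []
        client = (ev["user"], ev["client_ip"])
        if client not in KNOWN_CLIENTS:
            reasons.append("new client for this user")
        if ev["rows"] > row_limit:
            reasons.append("bulk read")
        # Sliding window: count this client's sensitive queries in the last `window`.
        ts = datetime.fromisoformat(ev["ts"])
        hits = [t for t in recent.get(client, []) if ts - t <= window] + [ts]
        recent[client] = hits
        if len(hits) >= burst:
            reasons.append("query burst")
        if reasons:
            findings[i] = reasons
    return findings

if __name__ == "__main__":
    for idx, why in triage(EVENTS).items():
        print(idx, EVENTS[idx]["user"], EVENTS[idx]["client_ip"], why)
```

The row count per event is only available when query results are logged, which the guide notes increases audit storage; without it, the new-client and burst checks still work.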
Conclusion
Database auditing is essential for maintaining oversight of database operations, identifying suspicious behavior, and meeting regulatory obligations. Without comprehensive audit trails, organizations may struggle to understand who accessed sensitive data, what actions were performed, and whether established security controls were followed. A well-designed auditing strategy provides the visibility necessary to support investigations, strengthen accountability, and improve security monitoring.
DataSunrise helps organizations achieve these goals through centralized auditing of database activity, user sessions, transactions, and SQL operations. Using proxy-based monitoring, detailed policy management, and in-depth session tracking, the platform provides a clear view of how sensitive information is accessed, modified, and utilized across database environments.
By consolidating audit data into a single platform, organizations can streamline investigations, enhance compliance reporting, and improve their ability to identify unauthorized access or unusual activity. Security teams can examine user actions, review policy violations, investigate anomalies, and generate audit evidence for standards such as SOX, HIPAA, PCI DSS, and GDPR without depending exclusively on native database audit capabilities.
From securing a small number of business-critical databases to managing large-scale hybrid and multi-cloud infrastructures, DataSunrise delivers the monitoring, scalability, and administrative control needed for effective auditing. Through continuous visibility, policy-driven oversight, and compliance-focused reporting, organizations can strengthen governance practices, reduce security risks, and better protect sensitive data assets.