Audit Guide

DataSunrise Centralized Console Overview DataSunrise Rules Best Practices Lua script discovers sensitive data in JSON files Security Guide Security Rules Against SQL Injections Audit Guide Learning Rules and Audit Rules Priority

Data auditing enables real-time database activity monitoring by capturing detailed records of every executed query, including reads, updates, and deletions. DataSunrise monitors both user actions and modifications to database configurations and system settings. This guide outlines how to set up DataSunrise to audit all queries on a chosen target database.

DataSunrise database security proxy architecture — DataSunrise Database Security operates in proxy mode, providing secure database access through dedicated proxy ports. The solution features an AI-assisted web console for intuitive management.

The audit logs are stored in the DataSunrise-integrated SQLite database or in an external database. Logged data helps to comply with requirements of regulatory standards such as SOX, HIPAA, PCI DSS, and other regulators and acts.

Data Audit function is available in Sniffer mode and in Proxy mode. You can create new Data Audit Rules or edit existing ones in the Data Audit section. Rules can be set to audit transaction on a certain database or from certain database users, IP addresses and client applications.

To enhance your understanding of data auditing, we highly recommend visiting our YouTube channel to watch our videos on this topic. These videos not only showcase our auditing solution but also familiarize you with alternative data auditing methods using native DBMS features.

Why Database Auditing Matters

Database auditing is critical for detecting unauthorized access, monitoring administrative actions, and keeping a reliable record of all operations involving sensitive data. This becomes especially important for organizations subject to regulations such as GDPR, SOX, HIPAA, and PCI DSS, where visibility into data access is not optional but required.

By applying granular auditing rules through platforms like DataSunrise, security teams can quickly identify suspicious activity, investigate incidents with greater accuracy, and generate audit records suitable for compliance checks. Without proper auditing in place, unauthorized actions or insider misuse can go unnoticed, leading to increased financial risk and reputational harm.

What is DataSunrise Data Audit?

DataSunrise Data Audit is a core feature of the platform that captures database activity in detail. It monitors user interactions continuously and records queries, data changes, and connection attempts in real time using proxy or sniffer deployment modes.

This level of monitoring allows organizations to enforce least-privilege principles, track privileged users, and satisfy auditing requirements defined by regulations such as HIPAA, SOX, and PCI DSS. Built-in filtering and alerting also enable the system to serve both as an incident investigation tool and a foundation for ongoing compliance.

Creating an Audit Rule

Let’s assume that you’ve already created the target database profile. Then to audit our test database, it is necessary to create and configure an Audit Rule. In this case, the sequence of actions is the following:

Navigate to Audit → Rules. Then click Add Rule to create a new Audit Rule.
Configure your Audit Rule to log all queries to the database (see notes below).

Database audit rule general settings — Configure audit rule settings with a custom name while the database type is automatically determined based on the selected instance.

In the Main section subsection, the target database information is specified. It includes database type (PostgreSQL), database instance (as the target database entry is named in the Configurations) and the Rule’s logical name.

Audit rule action settings — The ‘Save Event in Audit Storage’ option enables event logging and can be toggled to pause logging while keeping the rule active.

By default, the “Audit” action is selected. It means that DataSunrise will audit user queries when the rule is triggered. To log database responses (the output), the Log Data checkbox is checked.

Since the current scenario requires all user queries to be audited, Filter Sessions are left as by default. Thus, any query to the database regardless of its source IP address will trigger the rule.

Audit rule filter settings — Specify database objects to audit using filter statements. In this case it’s left empty to capture all queries.

Filter Statements settings are as by default as well. Thus, DataSunrise will audit all queries directed to all database objects.

Viewing Database Audit Results

This stage includes demonstration of auditing results. The Audit Rule which was created at the previous stage is configured to be triggered by any incoming user query. Here’s what happens when DataSunrise receives a user query.

Let’s send the following query via PGAdmin:

SELECT * FROM public.customers;

The database outputs the table contents:

Now let’s check the auditing results in the DataSunrise’s Web Console. Navigate to the Data Audit → Transactional Trails subsection.
To view detailed information about some event, click event’s ID. In a new tab, the event’s details will be displayed: code of the query, basic information, session information, database objects involved in the query and the query results.

Each event logs comprehensive metadata including IP addresses, application names, timestamps, and execution details.

Database audit event details showing transaction information — Transaction trails contain clickable events, with detailed information available for each event.

Scrolling down reveals additional event details, including the complete SQL query statement and database objects the query touches. The query accessed sensitive data fields including credit card numbers, email addresses, and ZIP codes.

Database audit event query details — Detailed SQL query view showing the executed transaction statement.

Query results can be displayed, but enabling this feature significantly impacts audit database storage consumption.

Database query results view — Query results are displayed below the event when result logging is enabled.

Real-World Use Cases: Applying DataSunrise Data Audit

The DataSunrise Data Audit engine isn’t just a logging tool—it’s a compliance enabler and incident response ally. Here’s how organizations use it to meet regulatory and operational requirements in live environments:

Use Case	How DataSunrise Helps
SOX Compliance	Tracks privileged user activity on financial systems and logs changes to critical configurations. Supports external audit reviews with detailed transaction histories.
HIPAA Monitoring	Audits all queries involving PHI, including read access to medical records. Captures session metadata for accountability and breach investigation.
PCI DSS Enforcement	Monitors credit card data access in real time and logs queries that touch PAN fields. Supports alerting on unauthorized access attempts.
Data Exfiltration Detection	Flags suspicious query volumes, DUMP statements, and unapproved exports—especially from new IPs or clients.
Insider Threat Visibility	Captures admin actions, schema modifications, and unusual object access—all correlated with user identities and timestamps.

Because DataSunrise works at the proxy layer, it can enforce auditing even when the database’s native logging is disabled or bypassed. This makes it an essential part of modern data security and governance strategies.

Conclusion

Reliable database auditing plays a key role in identifying suspicious activity, satisfying regulatory demands, and ensuring accountability across modern data environments. DataSunrise allows organizations to establish granular, real-time monitoring of database queries and transactions without degrading performance or interrupting operations.

Features such as role-based access control, proxy-level traffic inspection, and comprehensive session logging provide precise visibility into who accessed data, when it occurred, and through which connection. This results in a centralized audit trail that streamlines investigations, supports compliance with frameworks such as SOX, HIPAA, and PCI DSS, and minimizes the likelihood of unauthorized data exposure.

From monitoring a limited set of critical tables to overseeing large production environments, DataSunrise delivers the scalability, control, and precision required to protect sensitive data and maintain continuous compliance.