Database Audit for Cloudberry

Database audit for Cloudberry provides essential security controls in an environment of increasing data risks. The Identity Theft Resource Center reported 3,205 data breaches in 2023, affecting 349 million people. This is a 78% increase over the previous year. Organizations can strengthen their security posture through effective database auditing practices. This article examines Cloudberry’s audit capabilities and practical implementation approaches for protecting organizational data.

Understanding Cloudberry Native Database Audit

Cloudberry provides powerful native database auditing capabilities that help organizations track and monitor database activities. These features leverage SQL language components, including views and stored procedures, to maintain detailed audit trails of database operations.

Core Audit Features

Cloudberry’s native audit functionality includes:

  • Real-time monitoring of database operations
  • Detailed activity logging with timestamp and user information
  • Customizable audit rules and filters
  • Integration with existing security frameworks
  • Performance optimization for minimal impact on database operations

Setting Up Basic Database Auditing

To implement native database auditing in Cloudberry, follow these steps:

-- Create audit table
CREATE TABLE audit_log (
    audit_id SERIAL PRIMARY KEY,
    table_name VARCHAR(50),
    operation_type VARCHAR(20),
    modified_by VARCHAR(50),
    modification_time TIMESTAMP,
    old_value TEXT,
    new_value TEXT
);
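
-- Create audit trigger function
-- As written, it records INSERT operations only: the new row is stored
-- as JSON text in new_value, and old_value is left NULL.
CREATE OR REPLACE FUNCTION audit_trigger_function()
RETURNS TRIGGER AS $$
BEGIN
    IF TG_OP = 'INSERT' THEN
        INSERT INTO audit_log (
            table_name,
            operation_type,
            modified_by,
            modification_time,
            new_value
        ) VALUES (
            TG_TABLE_NAME,                -- table that fired the trigger
            TG_OP,                        -- operation name ('INSERT')
            current_user,                 -- role executing the statement
            current_timestamp,
            row_to_json(NEW)::text        -- inserted row serialized as JSON
        );
    END IF;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;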

Using Cloudberry CLI for Audit Management

Cloudberry’s command-line interface provides essential tools for managing audit settings and viewing audit logs. Here are executed examples with their outputs:

Enable auditing for login events:

ALTER DATABASE CloudberryDB
SET AUDIT_CONTROL = 'LOGIN_AUDIT';

-- Output:
Database altered.

Query recent login audit events:

SELECT event_time, 
       login_name, 
       client_ip, 
       action_name
FROM sys.dm_audit_actions
WHERE event_time > DATEADD(hour, -24, GETDATE())
ORDER BY event_time DESC;

Example Output:

event_time          | login_name  | client_ip     | action_name
--------------------+-------------+---------------+--------------
2024-02-04 15:30:22 | admin_user  | 192.168.1.100 | LOGIN
2024-02-04 15:28:15 | app_service | 192.168.1.101 | FAILED_LOGIN
2024-02-04 15:25:01 | audit_user  | 192.168.1.102 | LOGOUT

View audit specifications:

SELECT audit_id,
       name,
       status_desc,
       audit_file_path
FROM sys.server_audits;

Example Output:

audit_id | name          | status_desc | audit_file_path
---------+---------------+-------------+-----------------
1        | SecurityAudit | ACTIVE      | /var/log/audit/
2        | AccessAudit   | ACTIVE      | /var/log/audit/

Check failed login attempts in the last hour:

SELECT event_time,
       server_principal_name,
       client_ip,
       error_number
FROM sys.fn_get_audit_file
WHERE action_name = 'FAILED_LOGIN'
AND event_time > DATEADD(hour, -1, GETDATE());
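
Example Output:

event_time          | server_principal_name | client_ip     | error_number
--------------------+-----------------------+---------------+--------------
2024-02-04 15:45:22 | unknown_user          | 192.168.1.150 | 18456
2024-02-04 15:42:15 | test_account          | 192.168.1.151 | 18452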
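
The failed-login query returns individual events; the sketch below turns such rows into one alert per burst from a single client address. It is an added example, not code from the original article or from DataSunrise. It assumes the rows were exported with the four columns shown above; the function name, threshold and window are hypothetical, and the sample rows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows, in the column order of the failed-login query:
# (event_time, server_principal_name, client_ip, error_number)
SAMPLE_ROWS = [
    ("2024-02-04 15:41:10", "app_service", "192.0.2.10", 18456),
    ("2024-02-04 15:40:02", "admin_user", "192.0.2.10", 18456),  # out of order
    ("2024-02-04 15:42:15", "test_account", "198.51.100.7", 18452),
    ("2024-02-04 15:42:30", "audit_user", "192.0.2.10", 18456),
    ("2024-02-04 15:43:05", "unknown_user", "192.0.2.10", 18456),
    ("2024-02-04 15:44:40", "admin_user", "192.0.2.10", 18456),
    ("2024-02-04 15:45:22", "admin_user", "192.0.2.10", 18456),
    ("2024-02-04 16:30:00", "test_account", "198.51.100.7", 18452),
]


def failed_login_alerts(rows, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per burst: >= threshold failures from one client_ip
    inside a sliding time window. Rows may arrive in any order."""
    events = sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), user, ip)
        for t, user, ip, _err in rows
    )
    recent = defaultdict(deque)  # client_ip -> failures still inside the window
    open_alert = {}              # client_ip -> alert currently being extended
    alerts = []
    for ts, user, ip in events:
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            open_alert.pop(ip, None)   # burst over: re-arm for this address
        elif ip in open_alert:         # same burst continues: update in place
            open_alert[ip]["count"] += 1
            open_alert[ip]["last_seen"] = ts
            open_alert[ip]["accounts"].add(user)
        else:
            alert = {"client_ip": ip, "first_seen": q[0][0], "last_seen": ts,
                     "count": len(q), "accounts": {u for _, u in q}}
            open_alert[ip] = alert
            alerts.append(alert)
    for a in alerts:
        # Several accounts from one address differs from repeated guesses at one.
        a["pattern"] = "multiple_accounts" if len(a["accounts"]) > 1 else "single_account"
    return alerts
```

Because a continuing burst updates the existing alert instead of raising a new one, a sustained run of failures produces a single notification whose count and last_seen keep growing.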

Analyzing Audit Data

To connect and analyze audit data, use the following SQL queries:

-- Query audit logs for specific time period
SELECT 
    table_name,
    operation_type,
    modified_by,
    modification_time,
    new_value
FROM audit_log
WHERE modification_time >= NOW() - INTERVAL '24 hours'
ORDER BY modification_time DESC;

DataSunrise: Advanced Database Audit for Cloudberry

While Cloudberry provides native database audit functionality, there are cases where organizations require more advanced auditing capabilities. This is where DataSunrise comes into play.

DataSunrise is a leading database security solution that offers advanced database audit capabilities for Cloudberry, enhancing visibility, compliance, and security. You can integrate DataSunrise with Cloudberry to provide granular audit tracking, including real-time alerts and detailed activity logs. The solution enables organizations to better protect their sensitive data by identifying unauthorized access, potential threats, and abnormal behavior patterns.

Creating a DataSunrise Instance

To get started with DataSunrise for Cloudberry, the first step is to create a DataSunrise instance. This involves setting up the DataSunrise platform, which includes configuring connections to your Cloudberry-managed databases.

  1. Install DataSunrise – Follow the installation process for DataSunrise.
  2. Connect to Cloudberry Database – Set up a connection between DataSunrise and your Cloudberry database.
     [Figure: DataSunrise Database Monitoring Dashboard]
  3. Configure Audit Rules – Define audit policies for your sensitive data, including tracking access to specific tables or columns.
     [Figure: Creating Custom Audit Rules in DataSunrise Interface]
  4. Check Audit Results – Proceed to the “Transactional Trails” tab and click on the audit rule to see the results of the audit.
     [Figure: Expanded View of Database Audit Trail with Detailed Event Information]

Benefits of Using DataSunrise’s Security Suite

By integrating DataSunrise with Cloudberry, you gain several benefits:

  • Centralized Control: Manage all masking and auditing policies from a single interface.
  • Real-Time Alerts: Receive notifications for suspicious activities, ensuring immediate responses to potential threats.
  • Compliance: Meet regulatory requirements, such as GDPR and HIPAA, by monitoring and controlling access to sensitive data.
  • Granular Auditing: Track every access, modification, or deletion of data, providing a comprehensive audit trail.

Optimizing Database Audit Implementation

Policy Management: Organizations should establish regular review cycles to evaluate and update audit policies based on emerging threats and compliance requirements. This proactive approach ensures audit coverage remains aligned with security objectives.

Data Retention: Implementing appropriate retention periods helps balance security needs with storage constraints while meeting regulatory requirements. Consider both compliance mandates and operational requirements when setting retention timeframes.

Alert Management: Setting up automated notifications for suspicious activities enables rapid response to potential security incidents. This approach should include clearly defined escalation paths and response procedures for different types of alerts.

Documentation and Testing: Maintaining detailed records of audit configurations supports troubleshooting efforts and helps ensure consistency across database environments. Regular testing verifies that all components operate as intended and capture required data points.

Third-Party Integration: Solutions like DataSunrise can significantly enhance native audit capabilities through centralized management interfaces and advanced reporting features.

Conclusion

Database audit for Cloudberry provides essential security and compliance capabilities for modern organizations. Whether using native features or enhanced solutions like DataSunrise, proper audit implementation helps protect sensitive data and maintain regulatory compliance.

For advanced database security features, including comprehensive audit and compliance tools, visit DataSunrise’s website to explore our cutting-edge solutions and request an online demo.
