manualshive.com logo in svg

Fortinet FortiDB, User Manual

Fortinet FortiDB offers comprehensive database security solutions. Ensure optimal performance with our user manual. Download the manual for free from our website manualshive.com and get all the information you need to secure your databases effectively. Keep your information secure with Fortinet FortiDB.

Share
Download
background image

FortiDB Version 3.2 Utilities  User Guide

12

15-32000-81369-20081219

Chaining with Parameterized User-Defined Rules

Rule Chaining

General PUDR Steps

The general step for creating a chain that uses a PUDR are:

1

In UBM, define an Object, User, or Session policy that will be your Source Rule.

2

In UBM, define a PUDR that will be your Target Rule

3

In the Rule Chaining module, define a chain which associates the UBM policy and 
the PUDR. 

PUDR Process

Parameterized User-Defined Rule Flow Diagram

The PUDR process involves these steps. 

1

The source rule is violated and an alert is generated.

2

FortiDB MA determines if there is a PUDR that is chained to the source rule.

• If a rule is chained, FortiDB MA fetches the information on the chain 
relationship

3

FortiDB MA checks to see if the source rule is to be run immediately or not.

4

FortiDB MA checks to see if the chained rule is a PUDR vs. a regular policy

a

If a regular UDR, FortiDB MA runs the UDR without passing any 
variables.

b

If the rule is a PUDR and is set to be run immediately, FortiDB MA 
passes the parameters defined in the rule chain to the PUDR.

c

If the rule is a PUDR and is set to be run with the schedule settings of 
the source rule, FortiDB MA indicates that parameters have to be 
passed for the successful execution of the PUDR.

5

An alert is generated for the PUDR.

Summary of Contents for FortiDB

Page 1: ...www fortinet com FortiDB Version 3 2 Utilities User Guide...

Page 2: ...ose without prior written permission of Fortinet Inc Trademarks ABACAS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiDB FortiGate FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiG...

Page 3: ...ating SQL Statement 18 Report Manager 20 Alert Report Manager 20 Setting a Report Schedule 20 Reporting by Time 23 Enabling Email Recipients 23 Specifying Report Parameters 23 Activating ARM 27 Runnin...

Page 4: ...IT Objectives and Setup Requirements 46 Report Body Columns 46 Abnormal Termination of Database Activity Report ATD 47 COBIT Objectives and Setup Requirements 47 Report Body Columns 47 End of Period A...

Page 5: ...A provides several utilities to help you use other modules Auto Discovery to ease the burden of manually setting up database connections Connection Summary to show which database connections are Open...

Page 6: ...Selecting Addresses for Auto Discovery In order to use this feature 1 Select the Database New menu and click the Auto Discovery button on the Create New Database Connection screen Or you can just sele...

Page 7: ...Auto Discovery FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 5 Selecting Non Standard Ports for Auto Discovery 5 Click the Begin Discovery button Results from Auto Discovery...

Page 8: ...ions screen the database connections you wish to assess or monitor The additional required and recommended fields will need to be completed manually See the FortiDB MA Administration Guide for more in...

Page 9: ...ort whose number is specified in the dss udpport property in dssConfig properties Note FortiDB MA sends a packet to port 1434 which MSSQL uses in order to return information about itself such as insta...

Page 10: ...81369 20081219 MS SQL Connection Summary Connection Summary The Connection Summary utility allows you to see by FortiDB MA module and in one place a dashboard view of all of your database connections...

Page 11: ...ng Screen FortiDB MA offers two types of chained rule pairs Rule pairs in which there are no parameters passed In this case you may use Guarded Items from Privilege Monitor PM Metadata monitor MM Cont...

Page 12: ...fic Target Database Connection You can perform the following Choose the target database the database you want to run the rules against Add item new chain Delete item View Modify item make changes to a...

Page 13: ...l appear with those of other policies Chaining with Parameterized User Defined Rules Parameters specific to the RDBMS type of your target database can be passed from the source to the target in order...

Page 14: ...n alert is generated 2 FortiDB MA determines if there is a PUDR that is chained to the source rule If a rule is chained FortiDB MA fetches the information on the chain relationship 3 FortiDB MA checks...

Page 15: ...er Guide 15 32000 81369 20081219 13 PUDR Eligible Rules Disabled Parameter Checkboxes If the chosen target rule cannot accept parameters they will be grayed out Validating the PUDR before Saving If on...

Page 16: ...haining Chaining the UBM Policy and PUDR Together Associating a Source Rule That Can Pass parameters with a PUDR Example of Chaining to a PL SQL based PUDR In this Oracle PL SQL kill session example w...

Page 17: ...Time 2 Create a UBM Session Policy our Source rule in order to monitor BAD_GUY and generate an alert to trigger our Target rule a PUDR We will pass the Session ID from the Source to the Target rule 3...

Page 18: ...chine VARCHAR 50 program VARCHAR 50 BEGIN SELECT sid serial username osuser machine program INTO sesid serial username osuser machine program FROM v session WHERE audsid sessionid v_statement v_str se...

Page 19: ...g Killed Session 8 Notice that our SQLPlus session has been killed Alert Behavior This topic describes various alert behavior users should be aware of Table Columns That Could Appear in Alerts Be care...

Page 20: ...of how many times the source rule gets violated A source rule alert will appear for each violation objectowner is replaced by the creator parameter which represents the authorization ID of the user wh...

Page 21: ...Chaining with Parameterized User Defined Rules FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 19 In this case the alert will be generated only for first object in the SELECT list na...

Page 22: ...Generated Time or Day ARM can retrieve historical reports and alerts thus providing a basis for regulatory or legal compliance And you can export reports in comma or tab delimited format for further e...

Page 23: ...lete Timer button Deleting a Timer Schedule Setting a Calendar based Schedule For a Calendar based Schedule 1 Click on the Add Schedule button at the bottom of the Schedule Setting screen 2 Specify th...

Page 24: ...hedule that while dependent on your chosen Interval value won t run exactly that often Setting a Randomized Interval If you check the Randomized checkbox a random number is used to modify your specifi...

Page 25: ...ious other modules ARM Reporting by Time ARM Reporting by Time Calendar Pop up In order to reduce the number of alerts on your report to only those you are interested in you may now filter alerts base...

Page 26: ...ties User Guide 24 15 32000 81369 20081219 Alert Report Manager Report Manager New Reports Menu In the New Reports page fill in the necessary data information that you want to show in the report New R...

Page 27: ...Severity Critical Informational etc FortiDB MA module from which you want to see the alert report Database you are assessing Rule type you want to use to assess vulnerabilities Guarded Items the spec...

Page 28: ...Violations checkbox enables whether similar violations are put in a single Alert record otherwise each violation has its own record You must check the Enable Report checkbox for your report to run You...

Page 29: ...eduled reports you should use the Reports Status menu Check the Yes checkbox and click the Save button Status Menu Status Dialog Running and Analyzing Reports You may elect to see all reports or just...

Page 30: ...utton you can get to a screen provides summary information for each alert The Summary Action gives high level information about each alert By clicking on the Id number in the row of interest you can g...

Page 31: ...n you can also click on the Id for the alarm of interest and be taken to the Alert Details screen Limitation Report Size The reporting functionality has been tested up to a size of about 40 000 rows p...

Page 32: ...e Custom Reports feature are 1 Set a schedule for all reports or for an individual report 2 Go to the Company Information page and provide the appropriate information 3 Generate the report a Choose th...

Page 33: ...2 Utilities User Guide 15 32000 81369 20081219 31 You can select Time only schedule Daily schedule Weekly schedule Monthly schedule Time only Schedule Settings Daily Schedule Settings You can have you...

Page 34: ...y Schedule Settings You can have your reports run on a monthly basis Customer and Company Information You can have a custom logo and address or other descriptive text appear on each report To set a cu...

Page 35: ...81219 33 Company Information Dialog Report and Template Generation and Management Custom Reports Main Page From the Custom Reports main page you can Add a report Modify a report Delete a report Modify...

Page 36: ...he Add Report button The Add Report dialog displays 3 Enter your report name and description 4 Click the Add Report button Adding a Report Modifying Reports To modify a report take the following steps...

Page 37: ...B Version 3 2 Utilities User Guide 15 32000 81369 20081219 35 Modifying a Report Deleting Reports 1 Select the report you want to delete 2 Click the Delete Report button The confirmation window displa...

Page 38: ...orts database You can also export the template from the internal reports database and store it as a jrxml file on local file system Templates Manager Page Click on the Manage Template s button on the...

Page 39: ...o filter the report data click the Settings button You may limit the rows returned by Specifying a like or not like Column Name condition The Filter Value is case sensitive You can use a wild card wit...

Page 40: ...ys 5 Enter URL of FortiDB host server for example http myserver mydomain com If you enter a URL with http prefix you need to uncheck Require server verification https for all sites in this zone check...

Page 41: ...Version 3 2 Utilities User Guide 15 32000 81369 20081219 39 Report History Report History Report History allows you to View a list of previously generated reports Regenerate a particular report Delete...

Page 42: ...Reports radio button on the User Administration screen The FortiDB MA license file excerpt shown above includes a license to use the Custom Reports and SOX Reports features Custom Report Properties Th...

Page 43: ...the FortiDB MA Custom Reports database jdbc postgresql localho st reportdb jdbc oracle thin 192 1 68 5 12 1521 ipref cr user Defines the user name for the FortiDB MA Custom Reports database fortidbma...

Page 44: ...One type of Custom Reports is the Sarbanes Oxley SOX Compliance reports Alert Statstics Report Contains detailed information about alerts Database Connection name Guarded item name Application name Po...

Page 45: ...Accounts Report AUS Abnormal Termination of Database Activity Report ATD End of Period Adjustments Report EPA Verification of Audit Settings Report VAS Acronym representing all SOX Compliance reports...

Page 46: ...5 DS5 3 DS5 4 Changes to escalate or reduce database user access privileges are tracked for review on a quarterly basis by the IT manager and the application business manager PM using the Audit data r...

Page 47: ...his will focus on data changes in specific tables containing financial information Column Description User ID The ID of the database user that conducted the flagged activity Object The name and owner...

Page 48: ...udit data retrieval method UBM Object or User policies Column Description User ID The ID of the database user that conducted the flagged activity Terminal Name The terminal IP address or name Origin A...

Page 49: ...val method MM using the Audit data retrieval method UBM object policies or user policies and the failed logins policy within the session policy to capture failed logins Column Description User ID The...

Page 50: ...Code The proprietary error code generated by the originating application Objective Number s Objective Description FortiDB MA Module Setup Requirement AI2 3 End of period adjustments to the general led...

Page 51: ...is July 1 8 days until July 1 15 days Conclusion The resulting report period is June 23 until July 16 inclusive Case 2 Assumption You are running your End of Period Adjustments EPA report sometime be...

Page 52: ...e Number s Objective Description FortiDB MA Module Setup Requirement DS3 5 DS5 5 DS13 3 Audit tracking is configured on all financial databases changes to audit functionality is reviewed by IT Managem...

Page 53: ...duce out of memory errors Archiving Reports You will not be able to generate the same reports after you archive as you were able to prior to archiving since reports are not archived Object The name an...

Page 54: ...FortiDB Version 3 2 Utilities User Guide 52 15 32000 81369 20081219 Verification of Audit Settings Report VAS SOX Report Specifics...

Page 55: ...1 12 18 47 privilege 44 property 7 R Randomized Interval 22 Report Detailed 29 Report History 39 Report Manager 20 Report Result 37 Report Summary 28 Rule Chaining Parameterized User Defined Rules 11...

Page 56: ...FortiDB Version 3 2 Utilities User Guide 54 15 32000 81369 20081219 Index...

Reviews:

No comments

Related manuals for FortiDB

NEC NP-PH1400U Manual preview
NP-PH1400U
Brand: NEC Pages: 3
Waves Software Audio Processor DLA User Manual preview
Software Audio Processor DLA
Brand: Waves Pages: 6
Oberheim Matrix-1000 Owner'S Manual preview
Matrix-1000
Brand: Oberheim Pages: 64
MACROMEDIA CONTRIBUTE-USING CONTRIBUTE Use Manual preview
CONTRIBUTE-USING CONTRIBUTE
Brand: MACROMEDIA Pages: 214
Blackberry WINDOWS LIVE MESSENGER - LEARN MORE User Manual preview
WINDOWS LIVE MESSENGER - LEARN MORE
Brand: Blackberry Pages: 18
Brother PE-Design Next Instruction Manual preview
PE-Design Next
Brand: Brother Pages: 320
Bosch VIDOS Installation And Operating Manual preview
VIDOS
Brand: Bosch Pages: 40
Bosch Divar Archive Player Operation Manual preview
Divar Archive Player
Brand: Bosch Pages: 10
Bosch MBV-BPRO-40 Operator'S Manual preview
MBV-BPRO-40
Brand: Bosch Pages: 86
Bosch DINION IP 5000 MP Software Manual preview
DINION IP 5000 MP
Brand: Bosch Pages: 112
Quantum PX500 Series Installation Instructions Manual preview
PX500 Series
Brand: Quantum Pages: 26
Quantum Management Console 4.4 User Manual preview
Management Console 4.4
Brand: Quantum Pages: 120
Internet Security Systems RealSecure User Manual preview
RealSecure
Brand: Internet Security Systems Pages: 126
Brocade Communications Systems IronWare Release Note preview
IronWare
Brand: Brocade Communications Systems Pages: 40
Brocade Communications Systems Brocade BladeSystem 4/24 Administrator'S Manual preview
Brocade BladeSystem 4/24
Brand: Brocade Communications Systems Pages: 62
Brocade Communications Systems Fabric OS v7.0.1 Command Reference Manual preview
Fabric OS v7.0.1
Brand: Brocade Communications Systems Pages: 1132
Symantec NORTON INTERNET SECURITY - FOR MAC V4 User Manual preview
NORTON INTERNET SECURITY - FOR MAC V4
Brand: Symantec Pages: 28
Symantec CONFLICTMANAGER Reference preview
CONFLICTMANAGER
Brand: Symantec Pages: 54

Brands by name

Popular brands

Load more brands