manualshive.com logo in svg

Fortinet FortiDB, User Manual

Fortinet FortiDB offers comprehensive database security solutions. Ensure optimal performance with our user manual. Download the manual for free from our website manualshive.com and get all the information you need to secure your databases effectively. Keep your information secure with Fortinet FortiDB.

Share
Download
background image

Rule Chaining 

Chaining with Parameterized User-Defined Rules

FortiDB Version 3.2 Utilities  User Guide
15-32000-81369-20081219

17

Chained-Rule Alerts: (UBM Session Policy and PUDR)

5

Get an alert when the (the Session Policy) Source rule is violated.

6

Get another alert when the chained PUDR executes and, in this case kills the 
session of 

BAD_GUY.

7

And, in the Alert Details dialog, display DB user name, OS user name, machine 
name, and source-program name as shown above.

Resulting Killed Session

8

Notice that our SQLPlus session has been killed

Alert Behavior

This topic describes various alert behavior users should be aware of.

Table Columns That Could Appear in Alerts

Be careful when specifying the SQL for your UDRs. Statements like "SELECT * 
FROM <table_name>", where <table_name> has a lot of columns, may produce 
alerts that are difficult to read due to the large number of columns. It is better to be 
more specific like "SELECT <column_name1>, ... , <column_nameN> from 
<table_name>". 

For example using Oracle, 

v$session

 has over 40 columns, so instead of this 

statement:

SELECT * FROM v$session WHERE osuser = '$osusername'

you might want to use one with specific columns, like:

Summary of Contents for FortiDB

Page 1: ...www fortinet com FortiDB Version 3 2 Utilities User Guide...

Page 2: ...ose without prior written permission of Fortinet Inc Trademarks ABACAS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiDB FortiGate FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiG...

Page 3: ...ating SQL Statement 18 Report Manager 20 Alert Report Manager 20 Setting a Report Schedule 20 Reporting by Time 23 Enabling Email Recipients 23 Specifying Report Parameters 23 Activating ARM 27 Runnin...

Page 4: ...IT Objectives and Setup Requirements 46 Report Body Columns 46 Abnormal Termination of Database Activity Report ATD 47 COBIT Objectives and Setup Requirements 47 Report Body Columns 47 End of Period A...

Page 5: ...A provides several utilities to help you use other modules Auto Discovery to ease the burden of manually setting up database connections Connection Summary to show which database connections are Open...

Page 6: ...Selecting Addresses for Auto Discovery In order to use this feature 1 Select the Database New menu and click the Auto Discovery button on the Create New Database Connection screen Or you can just sele...

Page 7: ...Auto Discovery FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 5 Selecting Non Standard Ports for Auto Discovery 5 Click the Begin Discovery button Results from Auto Discovery...

Page 8: ...ions screen the database connections you wish to assess or monitor The additional required and recommended fields will need to be completed manually See the FortiDB MA Administration Guide for more in...

Page 9: ...ort whose number is specified in the dss udpport property in dssConfig properties Note FortiDB MA sends a packet to port 1434 which MSSQL uses in order to return information about itself such as insta...

Page 10: ...81369 20081219 MS SQL Connection Summary Connection Summary The Connection Summary utility allows you to see by FortiDB MA module and in one place a dashboard view of all of your database connections...

Page 11: ...ng Screen FortiDB MA offers two types of chained rule pairs Rule pairs in which there are no parameters passed In this case you may use Guarded Items from Privilege Monitor PM Metadata monitor MM Cont...

Page 12: ...fic Target Database Connection You can perform the following Choose the target database the database you want to run the rules against Add item new chain Delete item View Modify item make changes to a...

Page 13: ...l appear with those of other policies Chaining with Parameterized User Defined Rules Parameters specific to the RDBMS type of your target database can be passed from the source to the target in order...

Page 14: ...n alert is generated 2 FortiDB MA determines if there is a PUDR that is chained to the source rule If a rule is chained FortiDB MA fetches the information on the chain relationship 3 FortiDB MA checks...

Page 15: ...er Guide 15 32000 81369 20081219 13 PUDR Eligible Rules Disabled Parameter Checkboxes If the chosen target rule cannot accept parameters they will be grayed out Validating the PUDR before Saving If on...

Page 16: ...haining Chaining the UBM Policy and PUDR Together Associating a Source Rule That Can Pass parameters with a PUDR Example of Chaining to a PL SQL based PUDR In this Oracle PL SQL kill session example w...

Page 17: ...Time 2 Create a UBM Session Policy our Source rule in order to monitor BAD_GUY and generate an alert to trigger our Target rule a PUDR We will pass the Session ID from the Source to the Target rule 3...

Page 18: ...chine VARCHAR 50 program VARCHAR 50 BEGIN SELECT sid serial username osuser machine program INTO sesid serial username osuser machine program FROM v session WHERE audsid sessionid v_statement v_str se...

Page 19: ...g Killed Session 8 Notice that our SQLPlus session has been killed Alert Behavior This topic describes various alert behavior users should be aware of Table Columns That Could Appear in Alerts Be care...

Page 20: ...of how many times the source rule gets violated A source rule alert will appear for each violation objectowner is replaced by the creator parameter which represents the authorization ID of the user wh...

Page 21: ...Chaining with Parameterized User Defined Rules FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 19 In this case the alert will be generated only for first object in the SELECT list na...

Page 22: ...Generated Time or Day ARM can retrieve historical reports and alerts thus providing a basis for regulatory or legal compliance And you can export reports in comma or tab delimited format for further e...

Page 23: ...lete Timer button Deleting a Timer Schedule Setting a Calendar based Schedule For a Calendar based Schedule 1 Click on the Add Schedule button at the bottom of the Schedule Setting screen 2 Specify th...

Page 24: ...hedule that while dependent on your chosen Interval value won t run exactly that often Setting a Randomized Interval If you check the Randomized checkbox a random number is used to modify your specifi...

Page 25: ...ious other modules ARM Reporting by Time ARM Reporting by Time Calendar Pop up In order to reduce the number of alerts on your report to only those you are interested in you may now filter alerts base...

Page 26: ...ties User Guide 24 15 32000 81369 20081219 Alert Report Manager Report Manager New Reports Menu In the New Reports page fill in the necessary data information that you want to show in the report New R...

Page 27: ...Severity Critical Informational etc FortiDB MA module from which you want to see the alert report Database you are assessing Rule type you want to use to assess vulnerabilities Guarded Items the spec...

Page 28: ...Violations checkbox enables whether similar violations are put in a single Alert record otherwise each violation has its own record You must check the Enable Report checkbox for your report to run You...

Page 29: ...eduled reports you should use the Reports Status menu Check the Yes checkbox and click the Save button Status Menu Status Dialog Running and Analyzing Reports You may elect to see all reports or just...

Page 30: ...utton you can get to a screen provides summary information for each alert The Summary Action gives high level information about each alert By clicking on the Id number in the row of interest you can g...

Page 31: ...n you can also click on the Id for the alarm of interest and be taken to the Alert Details screen Limitation Report Size The reporting functionality has been tested up to a size of about 40 000 rows p...

Page 32: ...e Custom Reports feature are 1 Set a schedule for all reports or for an individual report 2 Go to the Company Information page and provide the appropriate information 3 Generate the report a Choose th...

Page 33: ...2 Utilities User Guide 15 32000 81369 20081219 31 You can select Time only schedule Daily schedule Weekly schedule Monthly schedule Time only Schedule Settings Daily Schedule Settings You can have you...

Page 34: ...y Schedule Settings You can have your reports run on a monthly basis Customer and Company Information You can have a custom logo and address or other descriptive text appear on each report To set a cu...

Page 35: ...81219 33 Company Information Dialog Report and Template Generation and Management Custom Reports Main Page From the Custom Reports main page you can Add a report Modify a report Delete a report Modify...

Page 36: ...he Add Report button The Add Report dialog displays 3 Enter your report name and description 4 Click the Add Report button Adding a Report Modifying Reports To modify a report take the following steps...

Page 37: ...B Version 3 2 Utilities User Guide 15 32000 81369 20081219 35 Modifying a Report Deleting Reports 1 Select the report you want to delete 2 Click the Delete Report button The confirmation window displa...

Page 38: ...orts database You can also export the template from the internal reports database and store it as a jrxml file on local file system Templates Manager Page Click on the Manage Template s button on the...

Page 39: ...o filter the report data click the Settings button You may limit the rows returned by Specifying a like or not like Column Name condition The Filter Value is case sensitive You can use a wild card wit...

Page 40: ...ys 5 Enter URL of FortiDB host server for example http myserver mydomain com If you enter a URL with http prefix you need to uncheck Require server verification https for all sites in this zone check...

Page 41: ...Version 3 2 Utilities User Guide 15 32000 81369 20081219 39 Report History Report History Report History allows you to View a list of previously generated reports Regenerate a particular report Delete...

Page 42: ...Reports radio button on the User Administration screen The FortiDB MA license file excerpt shown above includes a license to use the Custom Reports and SOX Reports features Custom Report Properties Th...

Page 43: ...the FortiDB MA Custom Reports database jdbc postgresql localho st reportdb jdbc oracle thin 192 1 68 5 12 1521 ipref cr user Defines the user name for the FortiDB MA Custom Reports database fortidbma...

Page 44: ...One type of Custom Reports is the Sarbanes Oxley SOX Compliance reports Alert Statstics Report Contains detailed information about alerts Database Connection name Guarded item name Application name Po...

Page 45: ...Accounts Report AUS Abnormal Termination of Database Activity Report ATD End of Period Adjustments Report EPA Verification of Audit Settings Report VAS Acronym representing all SOX Compliance reports...

Page 46: ...5 DS5 3 DS5 4 Changes to escalate or reduce database user access privileges are tracked for review on a quarterly basis by the IT manager and the application business manager PM using the Audit data r...

Page 47: ...his will focus on data changes in specific tables containing financial information Column Description User ID The ID of the database user that conducted the flagged activity Object The name and owner...

Page 48: ...udit data retrieval method UBM Object or User policies Column Description User ID The ID of the database user that conducted the flagged activity Terminal Name The terminal IP address or name Origin A...

Page 49: ...val method MM using the Audit data retrieval method UBM object policies or user policies and the failed logins policy within the session policy to capture failed logins Column Description User ID The...

Page 50: ...Code The proprietary error code generated by the originating application Objective Number s Objective Description FortiDB MA Module Setup Requirement AI2 3 End of period adjustments to the general led...

Page 51: ...is July 1 8 days until July 1 15 days Conclusion The resulting report period is June 23 until July 16 inclusive Case 2 Assumption You are running your End of Period Adjustments EPA report sometime be...

Page 52: ...e Number s Objective Description FortiDB MA Module Setup Requirement DS3 5 DS5 5 DS13 3 Audit tracking is configured on all financial databases changes to audit functionality is reviewed by IT Managem...

Page 53: ...duce out of memory errors Archiving Reports You will not be able to generate the same reports after you archive as you were able to prior to archiving since reports are not archived Object The name an...

Page 54: ...FortiDB Version 3 2 Utilities User Guide 52 15 32000 81369 20081219 Verification of Audit Settings Report VAS SOX Report Specifics...

Page 55: ...1 12 18 47 privilege 44 property 7 R Randomized Interval 22 Report Detailed 29 Report History 39 Report Manager 20 Report Result 37 Report Summary 28 Rule Chaining Parameterized User Defined Rules 11...

Page 56: ...FortiDB Version 3 2 Utilities User Guide 54 15 32000 81369 20081219 Index...

Reviews:

No comments

Related manuals for FortiDB

3Com 3C19250 - USB Ethernet Network Interface... User Manual preview
3C19250 - USB Ethernet Network Interface...
Brand: 3Com Pages: 16
Q-See Remote Client Software V 4.0.1 User Manual preview
Remote Client Software V 4.0.1
Brand: Q-See Pages: 72
Tech Source RAPTOR 2100 FPS - RAPTOR DRIVERS FOR HP-UX INSTALLATION AND Installation And Reference Manual preview
RAPTOR 2100 FPS - RAPTOR DRIVERS FOR HP-UX INSTALLATION AND
Brand: Tech Source Pages: 36
Altigen AltiServ HPBX Administration Manual preview
AltiServ HPBX
Brand: Altigen Pages: 19
F-SECURE POLICY MANAGER 7.0 - Administrator'S Manual preview
POLICY MANAGER 7.0 -
Brand: F-SECURE Pages: 241
Altigen AltiContact Manager Version 5.0 Administration Manual preview
AltiContact Manager Version 5.0
Brand: Altigen Pages: 542
TC Electronic VSS3 Manual preview
VSS3
Brand: TC Electronic Pages: 22
UNIBLUE DRIVERSCANNER 2009 Manual preview
DRIVERSCANNER 2009
Brand: UNIBLUE Pages: 62
Cabletron Systems CBU-NM User Manual preview
CBU-NM
Brand: Cabletron Systems Pages: 108
Ulead MEDIASTUDIO PRO 7.0 - HD PLUG-IN 2.0 Manual preview
MEDIASTUDIO PRO 7.0 - HD PLUG-IN 2.0
Brand: Ulead Pages: 11
FARONICS DEEP FREEZE ENTERPRISE - UPDATE PROCEDURE... Update Manual preview
DEEP FREEZE ENTERPRISE - UPDATE PROCEDURE...
Brand: FARONICS Pages: 15
ICP MS Windows NT Using Manual preview
MS Windows NT
Brand: ICP Pages: 8
UMAX Technologies PowerColor User Manual preview
PowerColor
Brand: UMAX Technologies Pages: 127
UNIBLUE DRIVERSCANNER 2010 - V1 Product Manual preview
DRIVERSCANNER 2010 - V1
Brand: UNIBLUE Pages: 12
Garmin eTrex Vista C Software Manual preview
eTrex Vista C
Brand: Garmin Pages: 4
SanDisk MUSIC MATCH JUKEBOX 9.0 User Manual preview
MUSIC MATCH JUKEBOX 9.0
Brand: SanDisk Pages: 11
Tadiran Telecom Coral SeaBeam Installation And Configuration Reference Manual preview
Coral SeaBeam
Brand: Tadiran Telecom Pages: 68
Asus W6Fp (Japanese) User Manual preview
W6Fp
Brand: Asus Pages: 83

Brands by name

Popular brands

Load more brands