manualshive.com logo in svg

Fortinet FortiDB, User Manual

Fortinet FortiDB offers comprehensive database security solutions. Ensure optimal performance with our user manual. Download the manual for free from our website manualshive.com and get all the information you need to secure your databases effectively. Keep your information secure with Fortinet FortiDB.

Share
Download
background image

FortiDB Version 3.2 Utilities  User Guide

44

15-32000-81369-20081219

History of Privilege Changes Report (HPC)

SOX Report Specifics 

SOX Report Specifics 

This section lists the COBIT objectives and descriptions, the FortiDB MA module-setup requirements, and 
individual-column detail for each report in this release.

History of Privilege Changes Report (HPC)

HPC Report Sample

COBIT Objectives and Setup Requirements 

Report Body Columns

The following columns are displayed in the report body:

Objective 

Number(s)

Objective Description

FortiDB MA Module 

Setup Requirement

AI2.4, DS3.5, 
DS5.3, DS5.4

Changes to escalate or reduce database-user 
access privileges are tracked for review on a 
quarterly basis by the IT manager and the 
application business manager.

PM: using the 

Audit

 data 

retrieval method

Column

Description

User ID

The ID of the database user that initiated the privilege change.

Grantee

The name of the user for whom privileges were changed.

Action 

The type of action successfully enacted by a non-application user account. 
Actions include UPDATE, INSERT, and GRANT.

Target

The object on which the privileges were changed. 

Sys Privilege

The type of system privilege GRANTed to, or REVOKEd from, the grantee.

Obj Privilege

The type of object privilege GRANTed to, or REVOKEd from, the grantee. 

Time Stamp

The exact time the flagged activity was conducted. 

Summary of Contents for FortiDB

Page 1: ...www fortinet com FortiDB Version 3 2 Utilities User Guide...

Page 2: ...ose without prior written permission of Fortinet Inc Trademarks ABACAS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiDB FortiGate FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiG...

Page 3: ...ating SQL Statement 18 Report Manager 20 Alert Report Manager 20 Setting a Report Schedule 20 Reporting by Time 23 Enabling Email Recipients 23 Specifying Report Parameters 23 Activating ARM 27 Runnin...

Page 4: ...IT Objectives and Setup Requirements 46 Report Body Columns 46 Abnormal Termination of Database Activity Report ATD 47 COBIT Objectives and Setup Requirements 47 Report Body Columns 47 End of Period A...

Page 5: ...A provides several utilities to help you use other modules Auto Discovery to ease the burden of manually setting up database connections Connection Summary to show which database connections are Open...

Page 6: ...Selecting Addresses for Auto Discovery In order to use this feature 1 Select the Database New menu and click the Auto Discovery button on the Create New Database Connection screen Or you can just sele...

Page 7: ...Auto Discovery FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 5 Selecting Non Standard Ports for Auto Discovery 5 Click the Begin Discovery button Results from Auto Discovery...

Page 8: ...ions screen the database connections you wish to assess or monitor The additional required and recommended fields will need to be completed manually See the FortiDB MA Administration Guide for more in...

Page 9: ...ort whose number is specified in the dss udpport property in dssConfig properties Note FortiDB MA sends a packet to port 1434 which MSSQL uses in order to return information about itself such as insta...

Page 10: ...81369 20081219 MS SQL Connection Summary Connection Summary The Connection Summary utility allows you to see by FortiDB MA module and in one place a dashboard view of all of your database connections...

Page 11: ...ng Screen FortiDB MA offers two types of chained rule pairs Rule pairs in which there are no parameters passed In this case you may use Guarded Items from Privilege Monitor PM Metadata monitor MM Cont...

Page 12: ...fic Target Database Connection You can perform the following Choose the target database the database you want to run the rules against Add item new chain Delete item View Modify item make changes to a...

Page 13: ...l appear with those of other policies Chaining with Parameterized User Defined Rules Parameters specific to the RDBMS type of your target database can be passed from the source to the target in order...

Page 14: ...n alert is generated 2 FortiDB MA determines if there is a PUDR that is chained to the source rule If a rule is chained FortiDB MA fetches the information on the chain relationship 3 FortiDB MA checks...

Page 15: ...er Guide 15 32000 81369 20081219 13 PUDR Eligible Rules Disabled Parameter Checkboxes If the chosen target rule cannot accept parameters they will be grayed out Validating the PUDR before Saving If on...

Page 16: ...haining Chaining the UBM Policy and PUDR Together Associating a Source Rule That Can Pass parameters with a PUDR Example of Chaining to a PL SQL based PUDR In this Oracle PL SQL kill session example w...

Page 17: ...Time 2 Create a UBM Session Policy our Source rule in order to monitor BAD_GUY and generate an alert to trigger our Target rule a PUDR We will pass the Session ID from the Source to the Target rule 3...

Page 18: ...chine VARCHAR 50 program VARCHAR 50 BEGIN SELECT sid serial username osuser machine program INTO sesid serial username osuser machine program FROM v session WHERE audsid sessionid v_statement v_str se...

Page 19: ...g Killed Session 8 Notice that our SQLPlus session has been killed Alert Behavior This topic describes various alert behavior users should be aware of Table Columns That Could Appear in Alerts Be care...

Page 20: ...of how many times the source rule gets violated A source rule alert will appear for each violation objectowner is replaced by the creator parameter which represents the authorization ID of the user wh...

Page 21: ...Chaining with Parameterized User Defined Rules FortiDB Version 3 2 Utilities User Guide 15 32000 81369 20081219 19 In this case the alert will be generated only for first object in the SELECT list na...

Page 22: ...Generated Time or Day ARM can retrieve historical reports and alerts thus providing a basis for regulatory or legal compliance And you can export reports in comma or tab delimited format for further e...

Page 23: ...lete Timer button Deleting a Timer Schedule Setting a Calendar based Schedule For a Calendar based Schedule 1 Click on the Add Schedule button at the bottom of the Schedule Setting screen 2 Specify th...

Page 24: ...hedule that while dependent on your chosen Interval value won t run exactly that often Setting a Randomized Interval If you check the Randomized checkbox a random number is used to modify your specifi...

Page 25: ...ious other modules ARM Reporting by Time ARM Reporting by Time Calendar Pop up In order to reduce the number of alerts on your report to only those you are interested in you may now filter alerts base...

Page 26: ...ties User Guide 24 15 32000 81369 20081219 Alert Report Manager Report Manager New Reports Menu In the New Reports page fill in the necessary data information that you want to show in the report New R...

Page 27: ...Severity Critical Informational etc FortiDB MA module from which you want to see the alert report Database you are assessing Rule type you want to use to assess vulnerabilities Guarded Items the spec...

Page 28: ...Violations checkbox enables whether similar violations are put in a single Alert record otherwise each violation has its own record You must check the Enable Report checkbox for your report to run You...

Page 29: ...eduled reports you should use the Reports Status menu Check the Yes checkbox and click the Save button Status Menu Status Dialog Running and Analyzing Reports You may elect to see all reports or just...

Page 30: ...utton you can get to a screen provides summary information for each alert The Summary Action gives high level information about each alert By clicking on the Id number in the row of interest you can g...

Page 31: ...n you can also click on the Id for the alarm of interest and be taken to the Alert Details screen Limitation Report Size The reporting functionality has been tested up to a size of about 40 000 rows p...

Page 32: ...e Custom Reports feature are 1 Set a schedule for all reports or for an individual report 2 Go to the Company Information page and provide the appropriate information 3 Generate the report a Choose th...

Page 33: ...2 Utilities User Guide 15 32000 81369 20081219 31 You can select Time only schedule Daily schedule Weekly schedule Monthly schedule Time only Schedule Settings Daily Schedule Settings You can have you...

Page 34: ...y Schedule Settings You can have your reports run on a monthly basis Customer and Company Information You can have a custom logo and address or other descriptive text appear on each report To set a cu...

Page 35: ...81219 33 Company Information Dialog Report and Template Generation and Management Custom Reports Main Page From the Custom Reports main page you can Add a report Modify a report Delete a report Modify...

Page 36: ...he Add Report button The Add Report dialog displays 3 Enter your report name and description 4 Click the Add Report button Adding a Report Modifying Reports To modify a report take the following steps...

Page 37: ...B Version 3 2 Utilities User Guide 15 32000 81369 20081219 35 Modifying a Report Deleting Reports 1 Select the report you want to delete 2 Click the Delete Report button The confirmation window displa...

Page 38: ...orts database You can also export the template from the internal reports database and store it as a jrxml file on local file system Templates Manager Page Click on the Manage Template s button on the...

Page 39: ...o filter the report data click the Settings button You may limit the rows returned by Specifying a like or not like Column Name condition The Filter Value is case sensitive You can use a wild card wit...

Page 40: ...ys 5 Enter URL of FortiDB host server for example http myserver mydomain com If you enter a URL with http prefix you need to uncheck Require server verification https for all sites in this zone check...

Page 41: ...Version 3 2 Utilities User Guide 15 32000 81369 20081219 39 Report History Report History Report History allows you to View a list of previously generated reports Regenerate a particular report Delete...

Page 42: ...Reports radio button on the User Administration screen The FortiDB MA license file excerpt shown above includes a license to use the Custom Reports and SOX Reports features Custom Report Properties Th...

Page 43: ...the FortiDB MA Custom Reports database jdbc postgresql localho st reportdb jdbc oracle thin 192 1 68 5 12 1521 ipref cr user Defines the user name for the FortiDB MA Custom Reports database fortidbma...

Page 44: ...One type of Custom Reports is the Sarbanes Oxley SOX Compliance reports Alert Statstics Report Contains detailed information about alerts Database Connection name Guarded item name Application name Po...

Page 45: ...Accounts Report AUS Abnormal Termination of Database Activity Report ATD End of Period Adjustments Report EPA Verification of Audit Settings Report VAS Acronym representing all SOX Compliance reports...

Page 46: ...5 DS5 3 DS5 4 Changes to escalate or reduce database user access privileges are tracked for review on a quarterly basis by the IT manager and the application business manager PM using the Audit data r...

Page 47: ...his will focus on data changes in specific tables containing financial information Column Description User ID The ID of the database user that conducted the flagged activity Object The name and owner...

Page 48: ...udit data retrieval method UBM Object or User policies Column Description User ID The ID of the database user that conducted the flagged activity Terminal Name The terminal IP address or name Origin A...

Page 49: ...val method MM using the Audit data retrieval method UBM object policies or user policies and the failed logins policy within the session policy to capture failed logins Column Description User ID The...

Page 50: ...Code The proprietary error code generated by the originating application Objective Number s Objective Description FortiDB MA Module Setup Requirement AI2 3 End of period adjustments to the general led...

Page 51: ...is July 1 8 days until July 1 15 days Conclusion The resulting report period is June 23 until July 16 inclusive Case 2 Assumption You are running your End of Period Adjustments EPA report sometime be...

Page 52: ...e Number s Objective Description FortiDB MA Module Setup Requirement DS3 5 DS5 5 DS13 3 Audit tracking is configured on all financial databases changes to audit functionality is reviewed by IT Managem...

Page 53: ...duce out of memory errors Archiving Reports You will not be able to generate the same reports after you archive as you were able to prior to archiving since reports are not archived Object The name an...

Page 54: ...FortiDB Version 3 2 Utilities User Guide 52 15 32000 81369 20081219 Verification of Audit Settings Report VAS SOX Report Specifics...

Page 55: ...1 12 18 47 privilege 44 property 7 R Randomized Interval 22 Report Detailed 29 Report History 39 Report Manager 20 Report Result 37 Report Summary 28 Rule Chaining Parameterized User Defined Rules 11...

Page 56: ...FortiDB Version 3 2 Utilities User Guide 54 15 32000 81369 20081219 Index...

Reviews:

No comments

Related manuals for FortiDB

Garmin GNC 420 Instructions Manual preview
GNC 420
Brand: Garmin Pages: 6
Vaisala DigiCORA 3.64 Technical Note preview
DigiCORA 3.64
Brand: Vaisala Pages: 22
Novation V-Station User Manual preview
V-Station
Brand: Novation Pages: 93
Fujitsu Saving and Recovering Your Factory and System Images Manual preview
Saving and Recovering Your Factory and System Images
Brand: Fujitsu Pages: 16
Fujitsu Solaris 10 Hardware Platform Manual preview
Solaris 10
Brand: Fujitsu Pages: 52
Fujitsu Restoring Microsoft Windows® 7 Edition Manual preview
Restoring Microsoft Windows® 7 Edition
Brand: Fujitsu Pages: 4
Fujitsu ServerView Event Manager User Manual preview
ServerView Event Manager
Brand: Fujitsu Pages: 172
Fujitsu ScandAll PRO How To Use Manual preview
ScandAll PRO
Brand: Fujitsu Pages: 45
Fujitsu SOFTUNE User Manual preview
SOFTUNE
Brand: Fujitsu Pages: 234
Fujitsu ServerView Operations Manager V6.12 User Manual preview
ServerView Operations Manager V6.12
Brand: Fujitsu Pages: 282
Fujitsu ServerView Virtual-IO Manager V3.1 User Manual preview
ServerView Virtual-IO Manager V3.1
Brand: Fujitsu Pages: 362
Fujitsu ServerView Resource Orchestrator Cloud Edition V3.1.1 Operation User Manual preview
ServerView Resource Orchestrator Cloud Edition V3.1.1 Operation
Brand: Fujitsu Pages: 414
Fujitsu Remote Management User Manual preview
Remote Management
Brand: Fujitsu Pages: 426
Symantec PC ANYWHERE SOLUTION V 12.5 Manual preview
PC ANYWHERE SOLUTION V 12.5
Brand: Symantec Pages: 63
I.R.I.S. CARDIRIS 5 Getting Started Manual preview
CARDIRIS 5
Brand: I.R.I.S. Pages: 10
I.R.I.S. IRISPOWERSCAN 9.0 User Manual preview
IRISPOWERSCAN 9.0
Brand: I.R.I.S. Pages: 153
UNIBLUE DiskRescue 2009 Manual preview
DiskRescue 2009
Brand: UNIBLUE Pages: 26
Fiat Formidable mOByDic 3210 Series User Manual preview
Formidable mOByDic 3210 Series
Brand: Fiat Pages: 17

Brands by name

Popular brands

Load more brands