Configure alert rules

The Security Audit (New Version) feature enables all built-in database audit rules and anomaly detection models by default. You can disable any unneeded rules or models. For greater flexibility, you can also create a custom detection model based on dimensions such as databases, tables, fields, access sources, and instances.

Prerequisites

The security audit (new version) feature must be enabled. For more information, see Enable security audit (new version).

Manage database audit rules

DAS enables all built-in database audit rules by default. You can disable any you don't need.

  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Security Center > Security Audit.

  3. On the Security Audit page, click Alert Rules > Database Audit Rules.

  4. Disable any unneeded rules.

Manage anomaly detection models

DAS enables all built-in anomaly detection models by default. You can disable any you don't need.

  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Security Center > Security Audit.

  3. On the Security Audit page, click Alert Rules > Anomaly Detection Model.

  4. Disable any unneeded models.

Create a custom detection model

If the built-in detection models do not meet your needs, you can create a custom detection model.

  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Security Center > Security Audit.

  3. On the Security Audit page, click Alert Rules > Custom Detection Model.

  4. Click Add Rule.

  5. In the Create Rule dialog box, configure the model's parameters and click OK.

    | Parameter | Description |
    | --- | --- |
    | Rule Name | Enter a descriptive name for the model. |
    | Risk level | Select a risk level for the model. |
    | Asset type | Select RDS as the asset type. |
    | Filter condition | Set filter conditions to define the anomalous events to detect. |
    | Add More | Click Add More to add multiple filter conditions. Multiple conditions are joined by an AND operator. |
    | Alert condition | Define the conditions that trigger an alert and the time window for detection. DAS generates an alert if data that matches the filter conditions meets this alert condition within the specified time window. |

    After creation, the model appears in the model list where you can edit it. New models are disabled (Not Enabled) by default and must be enabled to take effect.

  6. To enable the model, turn on its switch in the Status column.
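
To reason about a custom model before enabling it, the following added example (not DAS code or its rule schema) replays constructed audit records through AND-joined filter conditions and a windowed alert condition. The field names, the operators, the count threshold and the sliding-window behaviour are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Hypothetical rule shape: keys and operators are illustrative, not DAS's schema.
RULE = {
    "name": "bulk-read-of-customer-table",
    "risk_level": "high",
    "filters": [                                  # joined by AND, as the table states
        ("database", "eq", "crm"),
        ("table", "eq", "customers"),
        ("source_ip", "not_in", {"10.0.0.5"}),    # known application host
    ],
    "threshold": 3,                               # assumed alert condition: >= 3 matches
    "window": timedelta(minutes=5),               # assumed sliding time window
}

OPS = {
    "eq": lambda value, arg: value == arg,
    "not_in": lambda value, arg: value not in arg,
}

def matches(event, filters):
    """True only if every filter condition holds (AND semantics)."""
    return all(OPS[op](event.get(field), arg) for field, op, arg in filters)

def evaluate(rule, events):
    """Return the timestamps at which the rule would raise an alert."""
    recent, alerts = deque(), []
    for t in sorted(e["time"] for e in events if matches(e, rule["filters"])):
        recent.append(t)
        while t - recent[0] > rule["window"]:     # drop matches outside the window
            recent.popleft()
        if len(recent) >= rule["threshold"]:
            alerts.append(t)
            recent.clear()                        # count afresh after an alert
    return alerts

def _ev(minute, db, table, ip):
    return {"time": datetime(2024, 1, 1, 9, minute), "database": db, "table": table, "source_ip": ip}

# Constructed audit records for illustration.
SAMPLE = [
    _ev(0, "crm", "customers", "10.0.0.5"),       # allowed source: filtered out
    _ev(1, "crm", "customers", "192.0.2.10"),
    _ev(2, "crm", "orders", "192.0.2.10"),        # other table: filtered out
    _ev(3, "crm", "customers", "192.0.2.10"),
    _ev(5, "crm", "customers", "192.0.2.10"),     # third match within 5 min: alert
    _ev(20, "crm", "customers", "192.0.2.10"),    # isolated match: no alert
]
```

Because conditions are ANDed, each condition you add narrows what the model matches, so a source or table that fails any one condition never counts toward the alert condition.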