DAS security audit (new version) detects potential database risks using built-in rules for high-risk operations, SQL injection, data breaches, and vulnerability attacks. You can customize rules to control database access by scenario and application type.
Supported databases and regions
The following databases and regions support security audit (new version).
|
Database |
Supported regions |
|
China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), and China (Hong Kong) |
|
RDS for PostgreSQL |
China (Qingdao), China (Beijing), and China (Hong Kong) |
|
PolarDB-X 2.0 |
Public Cloud China (Hangzhou), China (Shanghai), China (Shenzhen), China (Beijing), China (Zhangjiakou), and China (Hong Kong) Finance Cloud China (Hangzhou) Finance Cloud, China (Shanghai) Finance Cloud, and China (Shenzhen) Finance Cloud |
|
PolarDB for PostgreSQL (Compatible with Oracle) |
China (Hangzhou) and Malaysia (Kuala Lumpur) |
|
PolarDB for PostgreSQL |
China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Shenzhen), and China (Hong Kong) |
Billing
Security audit (new version) incurs charges based on whether DAS Enterprise Edition is already enabled:
-
DAS Enterprise Edition is not enabled: Enabling security audit automatically enables DAS Enterprise Edition V3 and audit logs. You are charged for both log traffic and security audit fees.
-
DAS Enterprise Edition is already enabled: You are charged only for security audit (SecurityAudit).
-
To view security audit bills, select AI-Native Database Service for Product Name and select Database Security Agent for Commodity Name.
Full SQL details are stored in cold storage. DAS provides 30 days of free cold storage. After this period, additional cold storage fees apply.
Features
Security audit (new version) includes over 900 built-in rules for high-risk operations across four categories: abnormal operations, data breaches, SQL injection, and vulnerability attacks. It automatically detects risks such as high-risk operations, SQL injection, and new access patterns.
Key capabilities:
-
Audit alerts: Alerts on five risk types — abnormal operations, data breaches, SQL injection, vulnerability attacks, and new access.
-
Anomaly alerts: Detects abnormal sensitive data operations (such as abnormal data flow and behavior) using built-in or custom models.
-
Alert rules: Manages built-in database audit rules and anomaly detection models. You can create custom detection models based on databases, tables, fields, access sources, and instances for flexible security policies.
-
Whitelists: Adds trusted accounts and IP addresses to identify and isolate access sources and reduce false positives.
Enable security audit
You can enable security audit for a single instance or multiple instances at a time.
Method 1: Enable security audit for a single instance
This method enables security audit for the current instance only.
Log on to the DAS console.
In the navigation pane on the left, click .
Find the target instance and click the instance ID to open the instance details page.
-
In the left-side navigation pane, click Security Audit.
-
On the Security Audit page, click Enable Security Audit.
-
Configure the features and audit data retention period, then click Submit.
Method 2: Enable security audit for multiple instances
This method enables security audit for one or more instances at a time.
Log on to the DAS console.
-
In the left-side navigation pane, choose Security Center > Security Audit.
-
Select the instances that do not have security audit enabled.
-
Click .
-
Configure the security audit features and data retention period, then click Submit.