Features

更新时间:
复制 MD 格式

Database Audit provides user behavior auditing, multi-dimensional analysis, real-time alerts, and reports.

User behavior auditing

  • Correlates access operations at the application and database layers. This enables application identity recognition in both client/server (C/S) and browser/server (B/S) architectures.
  • Traces the identity and behavior of application users.

Multi-dimensional analysis

  • Threat and risk analysis

    Analyzes SQL activity for risks such as high, medium, and low-level threats, SQL injection, blacklisted statements, and authorization policy violations.

  • Session analysis

    Analyzes sessions based on multiple dimensions, such as time, client IP and port, server-side IP and port, database account, asset information, database instance, client tool, database type, and hostname.

  • Detailed statement analysis

    Retrieves detailed statements based on various search criteria, such as time, message content, asset information, database account, SQL template, client IP and port, server-side IP and port, database instance, number of affected rows, execution duration, operation type, and execution status.

Multi-dimensional alerting mechanism

  • Security rules

    Includes over 900 built-in security rules that cover common scenarios. These rules are continuously updated. Custom security rules are also supported.

    Built-in security rules contain the signatures of known insecure SQL statements. Database Audit matches audited SQL statements against these rules to detect suspicious behavior.

  • Risks from abnormal operations

    Supports fine-grained definitions for monitoring risky access behaviors. These definitions can be based on various elements, such as IP address, user, database client tool, time, sensitive objects, number of returned rows, system objects, and high-risk operations.

  • SQL injection

    Provides a comprehensive SQL injection library and descriptions based on regular expressions or abstract syntax. It sends an immediate alert upon detecting abnormal database behavior.

  • Blacklists and whitelists

    You can define rules that precisely match specific access SQL statements to trigger an immediate alert.

Fine-grained reports

  • Comprehensive analysis reports

    Provides a comprehensive analysis of your database status. The analysis covers four dimensions: SQL statement execution, sessions, risk events, and SQL performance.

  • Performance analysis reports

    Analyzes database performance from five perspectives: performance trends, databases or system IDs (SIDs) with the worst performance, longest-running SQL statements, SQL statements with the worst performance, and most frequently executed SQL statements.

  • Classified protection reference analysis reports

    Provides analysis reports that align with the GB/T 28448-2019 standard for Classified Protection of Cybersecurity 2.0. These reports provide targeted analysis of security audit requirements, such as intrusion prevention, malicious code detection, and security audit monitoring.

  • Statement analysis reports

    Analyzes and displays statement information from five dimensions: SQL statement analysis, failed statement analysis, SQL statement trends, audit trends, and analysis of the most executed SQL templates.

  • Session analysis reports

    Includes four types of reports: new session analysis, failed session analysis, concurrent session analysis, and session count trend analysis.

  • Alert analysis reports

    Analyzes current alerts from four dimensions: alert trends, alert source analysis, alert object analysis, and rule hit analysis.

  • Other reports

    Includes four other types of reports: client tool analysis, database account analysis, database or SID analysis, and database access source IP analysis.