When an audit record matches an enabled user-defined rule, Database Audit triggers an alert. You can add whitelists to prevent alerts for trusted activities. If an audit record matches a whitelist, Database Audit does not generate an alert, even if the record also matches a user-defined rule. This topic describes how to add a whitelist and apply it to a user-defined rule in Database Audit.
Add whitelist
-
Log on to the Database Audit system.
For more information, see Log on to the Database Audit system.
-
In the left-side navigation pane, choose .
-
Click the Whitelist Management tab.
-
On the Whitelist Management tab, click Add.
-
In the Add Whitelist panel, configure the whitelist.
Name: Enter a name for the whitelist.
Description: Enter a description for the whitelist.
whitelist rule: For descriptions of parameters such as Client, Server, Action, Result, and Others, see Rule configuration parameter descriptions.
-
Click Save.
After you add the whitelist, it appears on the Whitelist Management tab. You can click Edit or Delete in the Actions column.
Apply whitelist to a user-defined rule
-
On the Security Rules page, click the Rule Management tab.
-
Find the target rule and click the number in the Whitelist Count column.
-
In the Set Whitelist of Rule <Rule Name> dialog box, select the whitelists to apply, and set their Status to enabled.
Related documents
For information about configuring security rules for a database, see Configure security rules.