Manage database assets

更新时间:
复制 MD 格式

Before auditing a database, you must add it to Database Audit. This topic describes how to add, modify, and delete database assets in Database Audit.

Background information

For a list of database types supported by Database Audit, see Supported Database Types.

Important

Database Audit can audit database access traffic on an internal network only, not on a public network.

Add a database

  1. Log on to Database Audit. For instructions, see Log on to the Database Audit system.

  2. In the navigation pane on the left, choose Assets > Asset Management.

  3. On the Assets page, click Add.

  4. In the Add Asset panel, configure the database parameters and click Save.

    • Add an RDS instance

      Database Audit automatically discovers RDS instances within your configured VPC. To audit these instances, you only need to enable the audit feature. These automatically discovered instances are classified as the RDS asset type. You can also add an RDS database instance manually. A manually added RDS instance is classified as a user-created database asset.

      Parameter

      Description

      Type

      Select RDS, and then select the type and version of the RDS instance that you want to audit.

      RDS database instance

      From the drop-down list, select the ID of the RDS instance that you want to audit.

      Name

      Enter a name for the database asset. By default, the name of the selected RDS instance is used, but you can change it.

      Address and port

      After you select an RDS instance, the system automatically populates the IP address and port. You cannot modify this information during creation.

      You can modify the IP address and port after the database asset is added. For instructions, see Modify a database asset.

      Note

      RDS instances do not support encrypted audit. You do not need to enable the Use SSL switch.

    • Add a PolarDB, PolarDB-X, AnalyticDB, OceanBase, or general-purpose database

      Parameter

      Description

      Type

      Select a database type and version under PolarDB, PolarDB-X, AnalyticDB, OceanBase, or General.

      Name

      Enter a name for the database asset.

      Address and port

      Enter the IP address and port of the database. You can click the 图标 icon to add multiple entries.

      Note

      In scenarios such as Oracle Real Application Clusters (RAC) or MySQL read/write splitting, you can add multiple IP addresses and ports to audit the entire cluster.

      Use SSL

      The Use SSL switch is available only when you select MySQL as the database type. To use encrypted audit, the database must meet the following conditions:

      • The database type is user-created MySQL 5.6.

      • The encryption algorithm is AES256-SHA or AES128-SHA (one-way authentication).

      If your MySQL database meets these conditions and is configured with an SSL certificate, you must enable the Use SSL switch and upload the certificate in the SSL key section. Otherwise, Database Audit cannot audit the encrypted traffic. If the database does not meet these conditions or is not configured with a certificate, you can leave this parameter unconfigured and leave the Use SSL switch disabled.

      SSL key

      After you enable the Use SSL switch, upload the certificate file for the target database. Click Upload Certificate File to select and upload the file.

      You can import only certificates in PEM format. If your certificate is in a different format, you must first convert it to PEM format. For instructions on how to convert certificate formats, see How do I convert the format of a certificate?.

      Important
      • You can obtain the certificate file from your database provider.

      • A successful parse of your uploaded certificate indicates that its RSA algorithm is supported. If an error occurs when parsing the certificate file, join the DingTalk group (ID: 44519396) to contact product and technical experts for assistance.

    To apply Database Audit's built-in rules to the target database, select Associate built-in general rules upon saving.

    The database is successfully added. The added database is displayed on the Assets page. You can also view the added database in the Assets area on the Overview page. After you add the database, you must also deploy the Database Audit agent on the database server to start collecting audit data. For more information, see Install Agent.

After you add the database asset, perform the following steps:

  • Deploy the Database Audit agent on the database's server. This allows Database Audit to collect access traffic from the target database. For instructions, see Install an agent.

  • Configure security rules for the database asset. This allows Database Audit to trigger alerts for audit records that match the rules.

Modify a database

If a database asset's configuration changes, you must update its information in Database Audit.

  1. Log on to Database Audit. For instructions, see Log on to the Database Audit system.

  2. In the navigation pane on the left, choose Assets > Asset Management.

  3. Find the database asset that you want to modify and click Modify.

  4. In the Modify Asset panel, change the database configuration and click Save.

    For a description of the database configuration parameters, see Step 4 in the Add a database section.

Delete a database

If you no longer need to audit a database, you can delete the user-created database asset from Database Audit. You cannot delete assets that are classified as RDS.

  1. Log on to Database Audit. For instructions, see Log on to the Database Audit system.

  2. In the navigation pane on the left, choose Assets > Asset Management.

  3. Find the database asset that you want to delete and click Delete.

  4. In the confirmation message that appears, click OK to delete the database asset.