Scenario

Database audit provides a preconfigured rule to check audit logs for data security risks, such as SQL statements used for data breach.

You can learn the execution duration, number of affected rows, and database information of the SQL statements.

Viewing Data Reduction Check Results

Perform the following steps:

1. Log in to the management console.
2. In the upper part of the page, select a region, click , and choose Security > Database Security Service.
3. In the left navigation pane, choose Dashboard.
4. In the Instance drop-down list, select the instance whose data reduction statement information you want to view.
5. Click the Statements tab.
6. Set filter criteria to query SQL statements.
   • Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and end time. Click Submit to view SQL statements of the specified time range.
   • Set Risk Severity (the default value in the data reduction rule is High) and click Submit.
   • Click next to Advanced Settings, enter required information, and click Submit, as shown in Figure 1. The specified SQL statements are displayed in the list.
     

     A maximum of 10,000 records can be retrieved in a query.

     Figure 1 Advanced settings
     

7. In the row containing the desired SQL statement, click Details in the Operation column. See Figure 2.
   Figure 2 Viewing data reduction details
   

8. In the Details dialog box, view the detailed information about the SQL statement. See Figure 3. Table 1 describes the parameters.
   Figure 3 Details dialog box
   

   Table 1 SQL statement parameters

   Parameter	Description
   Session ID	ID of an SQL statement, which is automatically generated
   Database Instance	Database where an SQL statement is executed
   Database Type	Type of the database where an SQL statement is executed
   Database User	Database user for executing an SQL statement
   Client MAC Address	MAC address of the client where an SQL statement is executed
   Database MAC Address	MAC address of the database where an SQL statement is executed
   Client IP Address	IP address of the client where an SQL statement is executed
   Database IP Address	IP address of the database where an SQL statement is executed
   Client Port	Port of the client where an SQL statement is executed
   Database Port	Port of the database where the SQL statement is executed
   Client Name	Name of the client where an SQL statement is executed
   Operation Type	Type of an SQL statement operation
   Operation Object Type	Type of an SQL statement operation object
   Response Result	Response to an SQL statement
   Affected Rows	Number of rows affected by executing an SQL statement
   Started	Time when an SQL statement starts to be executed
   Ended	Time when the SQL statement execution ends
   SQL Statement	Name of an SQL statement
   Request Result	Result of requesting for executing an SQL statement

Viewing Data Reduction Check Rules

Choose Rules and click the Risky Operations tab. Here you can perform the following operations:

Figure 4 Data reduction detection

• Enable

  In the row containing the data reduction detection rule, click Enable in the Operation column.

• Edit

  In the row containing the data reduction detection rule, click Edit in the Operation column.

• Disable

  In the row containing the data reduction detection rule, click Disable in the Operation column. Disabled rules will not be audited.

• Delete

  In the row containing the data reduction detection rule, click Delete in the Operation column. To add the rule again, follow the instructions in Adding Risky Operations.