Adding an SQL Injection Rule
You can add SQL injection rules to audit your databases.
Prerequisites
- You have purchased a database audit instance and the Status is Running.
- You have added a database and enabled database audit.
- A database has been added.
Procedure
- Log in to the management console.
- Select a region, click
, and choose . The Dashboard page is displayed. - In the navigation tree, choose Rules.
- In the Instance drop-down list, select an instance to add audit scope.
- Click the SQL Injection tab.
Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.
- Click Add Rule and configure parameters. Figure 1 Adding an SQL injection rule
Table 1 SQL injection rule parameters Parameter
Description
Example Value
Name
Name of an SQL rule.
Postal Code SQL injection Rule
Risk Level
Level of risks matching a SQL rule. Its value can be:
- High
- Moderate
- Low
- No risk
Moderate
Status
Enables or disables an SQL injection rule.
: enabled
: disabled
Test Regular Expression
Regular expression that checks for content in certain pattern.
^\d{6}$
Data
Content that matches the regular expression.
Enter content and click Test to verify that the regular expression works properly.
628307
Result
Test result. It can be:
- Hit
- Miss NOTE:
If the test result is Hit, the regular expression is correct.
If the test result is Miss, the regular expression is incorrect.
Hit
- Confirm the information and click OK.
Last Article: Adding Audit Scope
Next Article: Enabling or Disabling SQL Injection Detection
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.