Function Overview

Database Security Service (DBSS) is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations.

Database audit supports RDS databases and self-built databases on ECS/BMS on HUAWEI CLOUD. After purchasing a database audit instance, you need to add the database to be audited to the instance. After adding a database, you can view, disable or delete the database.

Add a new agent or choose an existing agent for the database to be audited, depending on your database type. The agent will obtain database access traffic, upload traffic statistics to the audit system, receive audit system configuration commands, and report database monitoring data.
You can enable database audit only after the agent is installed. The agent can be installed in Linux and Windows.
After adding an agent to the database, you can view, disable or delete the agent.

Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the database audit instance to allow the agent to communicate with the audit instance.

By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. You can also add audit scope and specify the databases to be audited.
After adding an audit scope, you can view, enable, edit, disable, or delete the audit scope.

SQL injection detection is enabled by default. You can enable or disable the detection rules. One piece of audited data can match only one SQL injection detection rule.

To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage.

After configuring alarm notifications, you can receive DBSS alarms on database risks. If this function is not enabled, you have to log in to the management console to view alarms.
Alarm notifications may be mistakenly blocked. If you have enabled notifications but not received any, check whether they have been blocked as spasms.
The system collects alarm statistics every 5 minutes and sends alarm notifications (if any).

Database audit logs can be backed up to OBS buckets to achieve high availability for disaster recovery. You can back up or restore database audit logs as required. After backing up audit logs, you can view or delete backup audit logs.

After purchasing a database audit instance, you can view, enable, restart, and disable the instance.

After adding a risky operation, you can view the risk, enable, edit, disable, or delete the risky operation, or set its priority.

By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After connecting the database to the database audit instance, you can view report templates and report results.