Getting Started with Common Practices
After configuring DBSS, you can view common practices to better use DBSS.
|
Practice |
Description |
|
|---|---|---|
|
Auditing a Database |
Database audit is deployed in out-of-path mode. The database audit agent is deployed on the database or application server to obtain access traffic, upload traffic data to the audit system, receive audit system configuration commands, and report database monitoring results, implementing security audit on databases built on ECS or BMS. |
|
|
DBSS can audit the security of relational database instances. (Applications connected to this DB instance are deployed on ECS.) DBSS can audit certain types of relational databases without installing agents. |
||
|
For easier O&M, you can deploy the database audit agent in a large number of containerized applications or databases in batches. This makes configuration quicker and easier. |
||
|
Checking a Database |
Database audit provides a preconfigured rule to check audit logs for data security risks, such as SQL statements used for data breach. You can learn the execution duration, number of affected rows, and database information of the SQL statements. |
|
|
Database audit provides a preconfigured rule to check for slow SQL statements, whose response time recorded in audit logs is greater than 1 second. You can learn the execution duration, number of affected rows, and database information of the slow SQL statements, and optimize the statements accordingly. |
||
|
Configure a rule to detect operations on dirty tables. You can configure unnecessary databases, tables, and columns as dirty tables. Programs that access the dirty tables will be marked as suspicious programs. In this way, you can detect the SQL statements that access dirty tables and detect data security risks in a timely manner. |
||
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
