Updated on 2025-04-29 GMT+08:00

Adding Risky Operations

Database audit has four built-in detection rules: database reduction detection, slow SQL statement detection, batch data tampering detection, and batch data deletion detection. These rules help you detect database security risks in a timely manner. You can also add risky operations to define custom detection rules.

One piece of audited data can match only one risky operation rule.

Prerequisites

  • The database audit instance is in the Running state.
  • For details about how to enable database audit, see Enable Database Audit.

Procedure

  1. Log in to the management console.
  2. Click and choose Security > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree, choose Rules.
  4. In the Instance drop-down list, select the instance to which you want to add risky operations.
  5. Click the Risky Operation tab.
  6. Click Add above the risky operation list.
  7. On the Add Risky Operation page, set the basic information and IP address or IP range. For details about related parameters, see Table 1.

    Figure 1 Configuring basic information and IP addresses or IP address segments

    Table 1 Parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Name | Custom name of a risky operation | test |
    | Risk Severity | Severity of a risky operation. The options are High, Moderate, Low, and No risks. | High |
    | Status | Status of a risky operation: enabled or disabled | |
    | Select Database | Database that the risky operation will be applied to. You can select ALL or a specific database. | - |
    | Exception Client IP Address or IP Range | To report risky operation alarms set by users, configure the client IP address or IP address range that is not in the trusted client IP address or IP address range. The IP address can be an IPv4 address (for example, 192.168.1.2) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000). | 192.168.xx.xx |
    | Client IP Address or IP Range | IP address or IP address range of the client. The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000). | 192.168.xx.xx |

  8. Set the operation type, operation object, and execution result. For details about related parameters, see Table 2.

    Figure 2 Setting the operation type, operation object, and execution result

    Table 2 Parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Operations | Type of a risky operation, including Login and Operation. When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL. | Operation |
    | Objects | Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object. | - |
    | Results | Set Affected Rows and Operation Duration. The operation conditions are Greater than, Less than, Equal To, Greater than or equal to, and Less than or equal to. | - |

  9. Click Save.
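
The following is an added example, not code from the service or its documentation: an offline Python model for checking a planned rule against sample audit records before entering it in the console. The record fields, the rule names, the treatment of exception IP ranges as exclusions, statement-level operation names, and first-in-list rule order are all assumptions.

```python
import ipaddress
import operator
from dataclasses import dataclass

CONDITIONS = {  # the five result conditions listed in Table 2
    "Greater than": operator.gt, "Less than": operator.lt, "Equal To": operator.eq,
    "Greater than or equal to": operator.ge, "Less than or equal to": operator.le}

@dataclass
class RiskyOperation:
    name: str
    severity: str                 # High / Moderate / Low / No risks
    operations: frozenset         # statement types, e.g. {"DELETE"} (assumed granularity)
    client_ranges: tuple = ()     # empty is assumed to mean any client
    exception_ranges: tuple = ()  # assumed: these clients never match the rule
    affected_rows: tuple = ()     # (condition, value); empty means no row check
    enabled: bool = True

def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)  # accepts IPv4 and IPv6, as the tables allow
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)

def matches(rule, rec):
    if not rule.enabled or rec["operation"] not in rule.operations:
        return False
    if in_ranges(rec["client_ip"], rule.exception_ranges):
        return False
    if rule.client_ranges and not in_ranges(rec["client_ip"], rule.client_ranges):
        return False
    if rule.affected_rows:
        condition, value = rule.affected_rows
        return CONDITIONS[condition](rec["affected_rows"], value)
    return True

def first_match(rules, rec):
    # The page says a record matches only one rule; list order is an assumption.
    return next((r for r in rules if matches(r, rec)), None)

RULES = [  # constructed rules
    RiskyOperation("bulk-delete", "High", frozenset({"DELETE"}), ("192.168.1.0/24",),
                   ("192.168.1.2",), ("Greater than or equal to", 1000)),
    RiskyOperation("any-delete", "Low", frozenset({"DELETE"}))]
RECORDS = [  # constructed audit records
    {"client_ip": "192.168.1.1", "operation": "DELETE", "affected_rows": 5000},
    {"client_ip": "192.168.1.2", "operation": "DELETE", "affected_rows": 5000},
    {"client_ip": "192.168.1.1", "operation": "SELECT", "affected_rows": 1}]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["client_ip"], "->", getattr(first_match(RULES, rec), "name", None))
```

In this model the second record, sent from the exception address, skips the High rule and is caught only by the broader Low rule, so an exception entry can lower the severity a client is reported at.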