Adding an SQL Injection Rule

Prerequisites

• The database audit instance is in the Running state.
• For details about how to enable database audit, see Enable Database Audit.

Procedure

1. Log in to the management console.
2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
3. In the navigation tree, choose Rules.
4. In the Instance drop-down list, select an instance to add audit scope.
5. Click the SQL Injection tab.
   

   Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.

6. Click Add Rule and configure parameters.
   Figure 1 Adding an SQL injection rule
   

   Table 1 SQL injection rule parameters

   Parameter	Description	Example Value
   Rule Name	Name of an SQL rule.	Postal Code SQL injection Rule
   Risk Level	Level of risks matching a SQL rule. Its value can be: High Medium Low No risk	Medium
   Status	Enables or disables an SQL injection rule. : enabled : disabled
   Regular Expression	Regular expression that checks for content in certain pattern.	^\d{6}$
   Raw Data	Content that matches the regular expression. Enter content and click Test to verify that the regular expression works properly.	628307
   Result	Test result. It can be: Hit Miss NOTE: If the test result is Hit, the regular expression is correct. If the test result is Miss, the regular expression is incorrect.	Hit

7. Confirm the information and click OK.