Updated on 2022-11-23 GMT+08:00

Checking for Dirty Tables

Scenario

Configure a rule to detect operations on dirty tables. You can configure unnecessary databases, tables, and columns as dirty tables. Programs that access the dirty tables will be marked as suspicious programs.

In this way, you can detect the SQL statements that access dirty tables and detect data security risks in a timely manner.

Prerequisites

You have configured unnecessary databases, tables, or columns.

Procedure

  1. Log in to the management console.
  2. Select a region and click . Choose Security & Compliance > Database Security Service.
  3. In the navigation pane, choose Rules.
  4. In the Instance drop-down list, select an instance.
  5. Click the Risky Operations tab.
  6. In the Basic Information area, set Risk Level to High.
  7. (Optional) Configure an IP address or IP address segment, or all the IP addresses will be checked by default.
  8. Select Operation and All operations. Configure unnecessary databases, tables, or columns, as shown in Figure 1.

    Figure 1 Adding a dirty table detection rule

  9. Click Save.

Viewing Dirty Table Detection Results

Perform the following steps:

  1. Log in to the management console.
  2. Select a region and click . Choose Security & Compliance > Database Security Service.
  3. In the navigation pane, choose Dashboard.
  4. In the Instance drop-down list, select the instance whose data reduction statement information you want to view.
  5. Click the Statements tab.
  6. Set filter criteria to query SQL statements.

    • Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and end time. Click Submit to view SQL statements of the specified time range.
    • Set Risk Severity (the default value in the dirty table detection rule is High) and click Submit.
    • Click next to Advanced Settings. Configure parameters as shown in Figure 2. Click Search.

      A maximum of 10,000 records can be retrieved in a query.

      Figure 2 Advanced settings

  7. In the Operation column of an SQL statement, click Details. For more information, see Table 1.

    Table 1 SQL statement parameters

    Parameter

    Description

    Session ID

    ID of an SQL statement, which is automatically generated

    Database Instance

    Database where an SQL statement is executed

    Database Type

    Type of the database where an SQL statement is executed

    Database User

    Database user for executing an SQL statement

    Client MAC Address

    MAC address of the client where an SQL statement is executed

    Database MAC Address

    MAC address of the database where an SQL statement is executed

    Client IP Address

    IP address of the client where an SQL statement is executed

    Database IP Address

    IP address of the database where an SQL statement is executed

    Client Port

    Port of the client where an SQL statement is executed

    Database Port

    Port of the database where the SQL statement is executed

    Client Name

    Name of the client where an SQL statement is executed

    Operations

    Type of an SQL statement operation

    Operation Object Type

    Type of an SQL statement operation object

    Response Result

    Response to an SQL statement

    Affected Rows

    Number of rows affected by executing an SQL statement

    Started

    Time when an SQL statement starts to be executed

    Ended

    Time when the SQL statement execution ends

    SQL Statement

    Name of an SQL statement

    Request Result

    Result of requesting for executing an SQL statement

View Dirty Table Detection Rules

Choose Rules and click the Risky Operations tab. Here you can perform the following operations.

  • Enable

    In the row containing the dirty table detection rule, click Enable in the Operation column.

  • Edit

    In the row containing the dirty table detection rule, click Edit in the Operation column.

  • Disable

    In the row containing the dirty table detection rule, click Disable in the Operation column. Disabled rules will not be audited.

  • Delete

    In the row containing the dirty table detection rule, click Delete in the Operation column. To add the rule again, follow the instructions in Adding Risky Operations.